Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
From: "Dave Korn" <dave DOT korn AT artimi DOT com>
To: <cygwin AT cygwin DOT com>
Subject: [TITTTL] RE: Sould . (current dir) be in the PATH
Date: Thu, 15 Sep 2005 20:34:55 +0100
MIME-Version: 1.0
Content-Type: text/plain; 	charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To:  <m3k6hima2e.fsf@jdb.homelinux.org>
Message-ID: <SERRANOZQu5Snz8kxpy0000041f@SERRANO.CAM.ARTIMI.COM>

----Original Message----
>From: J. David Boyd
>Sent: 15 September 2005 19:59

> "Dave Korn" <dave DOT korn AT OHSHITHERECOMESTHESPAM> writes:

  Dave.... gentle reminder:  http://cygwin.com/acronyms#PCYMTNQREAIYR

> Sure, a totally valid point on Unix or Linux.  But on most cygwin installs
> that I know of, there is only one user, and if that user (me, for
> instance), did something that stupid, oh well...

  Well.  It's not just directly multi-user systems that are vulnerable; for
example, there must be plenty of cgi scripts on webservers out there that
create files in /tmp with content from a user's request, and if the name can
be manipulated as well.... boom!

  But this is all OT now.  If you want to carry on discussing generalised
security stuff, let's http://cygwin.com/acronyms#TITTTL.
Bock-bock-b'gaaaaawk!



    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/