From: Sam S. <sd...@gn...> - 2016-08-30 13:53:33
Hi,

> * Tomas Hlavaty <gbz@ybtnaq.pbz> [2016-08-30 09:17:33 +0200]:
> Sam Steingold <sd...@gn...> writes:
>> running external programs without a full path is a security risk.
>
> What is the reasoning behind this assertion?

* if clisp executes "pwd" and
* you have, say, "~/bin" in your $PATH before "/bin" and
* a malicious actor plants an executable named "pwd" into "~/bin",

then you will run that executable as yourself.

-- 
Sam Steingold (http://sds.podval.org/) on darwin Ns 10.3.1404
http://www.childpsy.net/ http://honestreporting.com http://think-israel.org
http://iris.org.il http://thereligionofpeace.com http://islamexposedonline.com
Abandon all hope, all ye who press Enter.
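
The lookup order described in the message above can be audited before a program is allowed to call a bare command name. The following is an added example, not part of the original message or of clisp; `audit_lookup`, `is_trusted` and the `TRUSTED_DIRS` allowlist are hypothetical names, and the allowlist contents are an assumption about which directories only an administrator can write.

```shell
#!/bin/sh
# Added example (not from the original post). Audits how a bare command name
# would resolve through a PATH string. TRUSTED_DIRS is an assumption of this
# sketch: a colon-separated allowlist of directories only an admin can write.
TRUSTED_DIRS="${TRUSTED_DIRS:-/bin:/usr/bin:/sbin:/usr/sbin}"

is_trusted() {  # $1 = directory; succeeds if it is on the allowlist
    case ":$TRUSTED_DIRS:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_lookup CMD PATHSTRING
# Prints one verdict line and returns:
#   0  CMD resolves in a trusted dir and no untrusted dir is searched first
#   1  CMD resolves in a trusted dir, but an untrusted dir precedes it
#   2  CMD resolves in an untrusted dir (it shadows any system copy)
#   3  CMD not found
audit_lookup() {
    cmd=$1 rest="$2:" earlier_untrusted=""
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -n "$dir" ] || dir=.          # empty PATH entry means current dir
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            if ! is_trusted "$dir"; then
                echo "SHADOWED: $cmd resolves to $dir/$cmd"; return 2
            elif [ -n "$earlier_untrusted" ]; then
                echo "EXPOSED: $earlier_untrusted is searched before $dir/$cmd"; return 1
            fi
            echo "OK: $cmd resolves to $dir/$cmd"; return 0
        fi
        # Remember the first untrusted directory that is searched earlier.
        is_trusted "$dir" || earlier_untrusted=${earlier_untrusted:-$dir}
    done
    echo "NOT FOUND: $cmd"; return 3
}
```

Return code 1 is the latent case from the message: nothing is planted yet, but a directory such as "~/bin" is searched before the system copy. Calling the program by its full path removes the dependence on this search order.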