Re: /bin/pwd

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

> * Tomas Hlavaty <gbz@ybtnaq.pbz> [2016-08-30 09:17:33 +0200]:
> Sam Steingold <sd...@gn...> writes:
>> running external programs without a full path is a security risk.
>
> What is the reasoning behind this assertion?

* if clisp executes "pwd" and
* you have, say, "~/bin" in your $PATH before "/bin" and
* a malicious actor plants an executable named "pwd" into "~/bin", then
  you will run that executable as yourself.

-- 
Sam Steingold (http://sds.podval.org/) on darwin Ns 10.3.1404
http://www.childpsy.net/ http://honestreporting.com http://think-israel.org
http://iris.org.il http://thereligionofpeace.com http://islamexposedonline.com
Abandon all hope, all ye who press Enter.