From: Tomas H. <to...@lo...> - 2016-08-30 19:06:02
Hi Sam,

Steingold <sd...@gn...> writes:
>> * Tomas Hlavaty <gb...@yb...> [2016-08-30 09:17:33 +0200]:
>> Sam Steingold <sd...@gn...> writes:
>>> running external programs without a full path is a security risk.
>>
>> What is the reasoning behind this assertion?
>
> * if clisp executes "pwd" and
> * you have, say, "~/bin" in your $PATH before "/bin" and
> * a malicious actor plants an executable named "pwd" into "~/bin", then
> you will run that executable as yourself.

thanks for your reply.

Tomas
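The lookup order described in the quoted reply can be audited before a program is run by bare name. The following is an added example, not code from this thread or from clisp; the function names `resolve` and `audit` and the temporary directories standing in for `~/bin` and `/bin` are assumptions made for illustration.

```python
import os
import tempfile

def resolve(cmd, path):
    """First executable named `cmd` in `path`, searched in order as execvp() does."""
    for i, d in enumerate(path.split(os.pathsep)):
        candidate = os.path.join(d or os.curdir, cmd)  # empty entry = current dir
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return i, candidate
    return None, None

def audit(cmd, path):
    """Return (resolved_path, risky): entries searched before the match where
    a file named `cmd` could be planted and would then win the lookup."""
    entries = path.split(os.pathsep)
    idx, found = resolve(cmd, path)
    risky = []
    for d in (entries if idx is None else entries[:idx]):
        if not os.path.isabs(d):
            risky.append((d, "relative or empty entry"))
        elif os.path.isdir(d) and os.access(d, os.W_OK):
            risky.append((d, "writable directory"))
    return found, risky

def make_exe(directory, name):
    """Create a harmless placeholder executable (constructed sample data)."""
    p = os.path.join(directory, name)
    with open(p, "w") as f:
        f.write("#!/bin/sh\n")
    os.chmod(p, 0o755)
    return p

def demo():
    # Constructed layout standing in for ~/bin and /bin from the message.
    root = tempfile.mkdtemp()
    user_bin, sys_bin = os.path.join(root, "home_bin"), os.path.join(root, "bin")
    os.mkdir(user_bin); os.mkdir(sys_bin)
    real = make_exe(sys_bin, "pwd")
    path = os.pathsep.join([user_bin, sys_bin])
    before = audit("pwd", path)            # resolves to bin/pwd, home_bin flagged
    planted = make_exe(user_bin, "pwd")
    after = audit("pwd", path)             # same name now resolves to home_bin/pwd
    reordered = audit("pwd", os.pathsep.join([sys_bin, user_bin]))
    return real, planted, user_bin, before, after, reordered

if __name__ == "__main__":
    for label, result in zip(("before", "after", "reordered"), demo()[3:]):
        print(label, result)
```

Invoking the program by its full path skips this search entirely, which is the mitigation the first quoted sentence points at.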