On Saturday 07 February 2009 01:18:30 Randall R Schulz wrote:
None of the dot-in-PATH doomsayers have explained how their scenarios exclude the directories that _are_ in PATH from being targeted in exactly the same way. In fact, it makes a hell of a lot more sense to use one of the various "bin" directories than some other random directory in which someone may never issue a command for a given hijacked program.
The directories which normally are in the path require you to be root to write to them. And if someone already is root, it doesn't really matter what you have in your path. At that point you're not talking about targets anymore This is about what a normal user can do to you, or what you accidentally can do to yourself. Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org