
http://bugzilla.novell.com/show_bug.cgi?id=608071
http://bugzilla.novell.com/show_bug.cgi?id=608071#c7

--- Comment #7 from Christopher Yeleighton <giecrilj@stegny.2a.pl> 2010-05-26 10:16:07 UTC ---
(In reply to comment #6)
(In reply to comment #5)
Not only ghostscript but also using the `.' in the personal PATH is a simple problem. Suppose that the user does a

    cd /tmp
    ls

and now suppose another user had done

    echo -e '#!/bin/sh\ncd\nrm -rf .' > /tmp/ls
    chmod 755 /tmp/ls

... do you see the problem of having `.' at first place within the execution path?

I do not have . in $PATH and I would know how to remove it if I had one. It is not the case with GhostScript: I am exposed and I have no means of preventing it. The various risky directories you cite are just that --- a bunch of risky directories. However, with GhostScript, _any_ directory is risky.

Chris
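
An added example, not part of the bug comment above: a POSIX shell function that lists the `PATH` entries resolved relative to the current directory, including the empty entries (leading, trailing or doubled colon) that the shell treats as `.`. The function name `audit_path` and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): report PATH entries that make
# command lookup depend on the current working directory.

# audit_path PATHSTRING
# Prints one line per risky entry as "<position>:<reason>".
# Returns 0 when every entry is an absolute directory, 1 otherwise.
audit_path() {
    path_value=$1
    position=0
    found=0
    # Append a colon so that a trailing empty entry survives the split.
    rest="${path_value}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # text after the first colon
        position=$((position + 1))
        case $entry in
            "") reason="empty entry (means current directory)" ;;
            .)  reason="explicit current directory" ;;
            /*) continue ;;  # absolute directory, not affected by cwd
            *)  reason="relative directory: $entry" ;;
        esac
        echo "$position:$reason"
        found=1
    done
    return $found
}

# Constructed sample value with `.' in first place, as in the quoted scenario.
sample=".:/usr/local/bin:/usr/bin::bin"
audit_path "$sample" || echo "risky entries found in: $sample"
```

Run it against the live value with `audit_path "$PATH"`; a clean result only covers the shell's own lookup, not programs that search the working directory themselves.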