Re: PPP Script Problem

[Aaron Prohaska <verdesoft verdesoft net>]

Hi Bruce, thanks for letting me know about this little problem. When I
made the scripts the directions told me to make a symbolic link in the
/bin dir pointing to ppp-on. Is this a problem also?

Aaron

Bruce Richardson wrote:
> 
> On Sun, 4 Apr 1999, Jimmy D. Burrell wrote:
> 
> > Aaron Prohaska wrote:
> >
> > > snip....I get an error from bash saying 'command not found'. Does anyone
> >
> > Sounds like your current directory (a.k.a. '.') is not in your PATH
> > statement.
> >
> > Try ... $ PATH=$PATH:.
> >
> 
> Don't do that, it's a major security no-no.  Linux/Unix always searches
> the path before passing a command to the shell.  If you place the current
> directory in the path then this can happen:
> 
> 1.  Cracker gets into your system, but not very far.
> 2.  Cracker puts malicious script into a directory he can reach and
> renames it to the same name as a shell command such as ls.
> 3.  You, logged in as root, cd to that directory and type `ls'.
> 4.  Bingo, Cracker has tricked you into executing malicious script and now
> has total access to your system (remember, in Unix a script can do
> _anything_, like e-mail your password file to someone).
> 
> It doesn't take long to learn to put ./ in front of things.  Better, place
> your personal scripts in ~/bin, which should be on your path by default.
> 
> --
>   PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
>                 http://www.redhat.com http://archive.redhat.com
>          To unsubscribe: mail redhat-list-request redhat com with
>                        "unsubscribe" as the Subject.

-- 
_________________________________________________

mailto:verdesoft verdesoft net
VerdeSoft Internet Services
http://www.verdesoft.net/