[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ver. 2.11.56 problems

From: Chris Snyder
Subject: Re: ver. 2.11.56 problems
Date: Tue, 19 Aug 2008 10:51:35 -0400
User-agent: Thunderbird (X11/20080724)

Tom Cloyd wrote:
Major lesson: the Unix/Linix command processor (or whatever - genie?) is
disinterested in the fact that I'm already in the dir containing the
referenced file. I have to tell it explicitly. Coming from Windows, I
find this extremely confusing, nonsensical, etc., but I now suddenly
understand why there are 75,000+ symlinks in my OS (unless, of course,
I'm completely misunderstanding what symlinks are about).

I made the switch from DOS/Windows about six years ago, and remember the same confusion. There is a very good reason for this behavior: it provides a safeguard against malicious programs being accidentally executed. Consider the following example:

A user places an executable named "ls" in their home directory. This executable silently gives that user root-level access to the system, then calls the actual ls program. This program won't do anything if run by a normal user, of course. However, the malicious user asks the system administrator to take a look at their home directory to diagnose a problem they're having. The administrator changes to the user's home directory and runs ls to get a directory listing; unbeknownst to the administrator, the malicious ls has just given the user admin privileges using the privileges of the administrator that called it.

This isn't as big of a deal with single-user systems, but it still is a good way to make sure that users are aware that they're not executing system-supplied software.

Well, that explanation was longer than I thought it would be. Hopefully it's useful, or at least interesting.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]