Is this a security risk with Python too?
Paul Rubin
phr-n2002b at NOSPAMnightsong.com
Fri Aug 16 21:02:51 EDT 2002
Richard Jones <rjones at ekit-inc.com> writes:
> I say "secure" because really, if someone's got write access to your current
> dir, you're in deep poo anyway. What's to stop them writing a new "python"
> program there. Most unixes have '.' first in the user's search PATH. Ever
> notice how the "root" user doesn't though?
"." is usually not first in the path of ordinary users either, in
systems I've seen. It hasn't been that way in ages. It occasionally
happens but more commonly "." isn't on the path at all, and you have
to say "./whatever" to run a program from the current directory.
More information about the Python-list
mailing list