best way to ensure './' is at beginning of sys.path?
Cameron Simpson
cs at zip.com.au
Sat Feb 4 18:47:40 EST 2017
On 04Feb2017 12:56, Wildman <best_lay at yahoo.com> wrote:
>On Sat, 04 Feb 2017 18:25:03 +0000, Grant Edwards wrote:
>> The next time you are in the /tmp directory looking for something, can
>> you guess what happens when you mistype "ls" as "sl"?
[...]
>Your scenario assumes the malicious user has root access
>to be able to place a file into /tmp.
/tmp is _publicly_ writable. _Any_ user can do that.
>And there would
>have to be some reason why I would be looking around in
>/tmp. After 10 years of using Linux, it hasn't happened
>yet.
Amazing. I was looking around in /tmp in my first days of using UNIX. There's
stuff in there.
>And last I would have to be a complete idiot.
If you've got "." in your $PATH, I am beginning to think that this thesis is
supported.
>I suppose all that could be a reality, but, how many
>computers do you know of have been compromised in this
>manor?
Hmm. I've compromised my friends (with harmless pranks) in this way. These days
that doesn't work so well became having "." in your path is not done.
Cheers,
Cameron Simpson <cs at zip.com.au>
More information about the Python-list
mailing list