[Courses] [Perl] Part 1: Getting Started

Magni Onsoien magnio+courses at pvv.org
Tue Apr 5 17:56:04 EST 2005 

On 2005-04-05 16:46:08 +1000, Sue Stones said:
> Colleen Hatfield wrote:
> >If you're the only
> >person that ever touches your machine, it's probably not too
> >dangerous; otherwise it should definitely be avoided. ;-)
> 
> Personally, yes I am the only one that has ever used my machine.  (My 
> only housemate for the last decade has been a dog that had absolutely no 
> interest in using the computer)  But if I was in a position where 
> someone else was going to use my computer even for a few hours, I would 
> create an account for them.

I do that before they are getting close to anythng but a locked screen
:-)

But imagine that you have created her an account and you are using the
computer together (either simultanously, like a server, or sequentally).
The other person make a script that do something pretty evil, like 'rm
-rf $HOME 2>&1>/dev/null' (which will delete your homedir and redirect
all errors to /dev/null so you won't see them). This script is called ls
and is put into /tmp (a directory writeable for anyone) and made 
executable for all.

I guess you can figure out what happens when you go to /tmp and type 'ls'
to see what's there, if you have . first in your $PATH? :-)

So making a separate account really doesn't matter if it's a multi user
system, since in reality you'll be sharing directories and stuff anyway.
And DON'T remove the world-write permissions for /tmp, it will break
your system :-) (Not breaking in the same sense as rm -rf $HOME, though...)

And for the record, the same will of course happen if the user puts her 
malicious script in her $HOME-directory and asks you to "have a look at
my homedir, something seems to be wrong there".

The best thing to do is to stick with ./script and avoid . in the $PATH.
If you make scripts, it's safer to add their directory at the end of the
$PATH (with e.g. 'export PATH=$PATH:$HOME/myscriptdir:$HOME/perlcourse').
If you WANT to have . in your $PATH, add it to the end of the $PATH
('export PATH=$PATH:.') so you won't execute scripts and binaries with
the same name as system programs when you didn't want to. If you insist
on having your own 'ls', you could either use ./ls or add an alias for
it in .bash_profile ('alias ls=$HOME/myscripts/ls').

[Ok, this isn't on perl anymore. Sorry.]


Magni :)
-- 
sash is very good for you.

More information about the Courses mailing list