[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: su



On Tue, Sep 26, 2006 at 01:38:05PM +0930, Tim wrote:
> su - tim -c "/usr/bin/fetchmail -d 900"

Seeing this reminds me of something we've done in Unix since time
immemorial.  Rather than typing a privileged command 'naked' and letting
the PATH variable find it, common wisdom has always been to code--or type,
if you're using it interactively--the entire path, e.g., "/usr/bin/su",
on the off chance that someone could drop a trojan executable somewhere
in your path.  Similar to never having "." in your path when running
privileged.

Cheers,
--
	Dave Ihnat
	President, DMINET Consulting, Inc.
	dihnat dminet com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]