su
Dave Ihnat
dihnat at dminet.com
Tue Sep 26 12:04:32 UTC 2006
On Tue, Sep 26, 2006 at 01:38:05PM +0930, Tim wrote:
> su - tim -c "/usr/bin/fetchmail -d 900"
Seeing this reminds me of something we've done in Unix since time
immemorial. Rather than typing a privileged command 'naked' and letting
the PATH variable find it, common wisdom has always been to code--or type,
if you're using it interactively--the entire path, e.g., "/usr/bin/su",
on the off chance that someone could drop a trojan executable somewhere
in your path. Similar to never having "." in your path when running
privileged.
Cheers,
--
Dave Ihnat
President, DMINET Consulting, Inc.
dihnat at dminet.com
More information about the fedora-list
mailing list