From help-octave-request at bevo dot che dot wisc dot edu Fri Jan 16 13:01:18 2004
Subject: Re: alias-like function?
From: "John W. Eaton" <jwe at bevo dot che dot wisc dot edu>
To: taltman at lbl dot gov
Cc: Geraint Paul Bevan <g dot bevan at mech dot gla dot ac dot uk>,    =?ISO-8859-1?Q?S=F8ren_Hauberg?= <soren@hauberg.org>,    help-octave <help-octave@bevo.che.wisc.edu>
Date: Fri, 16 Jan 2004 11:00:55 -0800

On 15-Jan-2004, taltman at lbl dot gov <taltman@lbl.gov> wrote:

| This is a security risk. If for any reason someone gets write-access to 
| your local ~/bin directory, they can place scripts in there that can 
| masquerade as the authentic system programs, like "passwd", etc.
| 
| Generally not recommended.

I don't ever remember hearing that having a private ~/bin directory is
a security risk.

The common PATH-related security problem on Unixy systems is to put
"." in your PATH.  Doing that opens you up to attacks from people who
might put malicious programs in places like /tmp, where you might
reasonbly want to run programs like "ls" and instead of (or in
addition to) listing the contents of /tmp, you find yourself removing
all your files, etc.

But overriding system defaults and adding new commands in your own
~/bin directory is the Unix way.

If someone can get write access to your ~/bin directory, then that is
the security problem, not whatever programs you put there yourself.

jwe



-------------------------------------------------------------
Octave is freely available under the terms of the GNU GPL.

Octave's home on the web:  http://www.octave.org
How to fund new projects:  http://www.octave.org/funding.html
Subscription information:  http://www.octave.org/archive.html
-------------------------------------------------------------