Security path perfection
fostel at ncsu.UUCP
Sat Aug 6 03:29:32 AEST 1983
Recently, someone recounted a story of why a ./ in the path was a
bad idea, involving a program called "du", meaning delete user, not
disk usage. A friendly little anecdote. I smiled when I read it.
More recently, someone else tried to savage that little story,
casting aspersions upon the participants in order to repudiate the
conclusion -- that paths and redundant names can GETCHA! This second
note did not leave me smiling. First, the tone was very unkind;
second, the implication was unsupported. Is it really true that a
sufficiently high quality UNIXOID can avoid ever making the kinds
of mistakes the anecdote broadly addresses via a simple example?
What need safety precautions! Just do everything right!
This sort of megalomania is at the core of many serious problems in the
computer business today; Seuss [1] provides an interesting anecdotal
investigation of the phenomenon in a classic work on the subject.
Indeed, that presentation nicely parallels the usual pattern on a
UNIX: the wizard proclaims that he can work magic, does so, tries to
do a bit more, eventually messes up gloriously, leaving all spectators
fearing the worst. BUT NO! In the nick of time, the wizard performs
yet more powerful magic and the mess is miraculously cleaned up.
Do we really want this sort of industry?
--------------
[1] Seuss, Dr.; THE CAT IN THE HAT; Available in most bookstores, or
your parents' attic.