root操作普通用户可以写的目录中的文件或程序会有危险么?
是不是指那个用户建立了ls find grep 之类的同名恶意程序,那么root用户执行ls等内部命令的时候会先去执行它们?作者: r2007 时间: 2007-06-22 19:49
The command path for the root user is very important. The command path (that is, the PATH environment variable) specifies the directories in which the shell searches for programs. Try to limit the command path for the root user as much as possible, and never include . (which means "the current directory") in your PATH. Additionally, never have writable directories in your search path, as this can allow attackers to modify or place new binaries in your search path, allowing them to run as root the next time you run that command.