[4155] in bugtraq
Re: Secuirty Hole In Older Perl Installs...
daemon@ATHENA.MIT.EDU (Christian Groessler)
Tue Mar 11 13:24:50 1997
Date: Tue, 11 Mar 1997 17:15:25 +0200
Reply-To: Christian Groessler <chris@FAST-AG.DE>
From: Christian Groessler <chris@FAST-AG.DE>
To: BUGTRAQ@NETSPACE.ORG
On 3/11/97 8:41:23 AM krobson@USA.NET wrote:
> Hi Folks,
>
> Recently I have installed a couple of the distributions of Perl 5.001
from Hip onto NT boxes. Unfortunately Perl updates the system global
> variables and does the following to your path:-
>
> PATH=.;c:\perl;%PATH%
>
> As you can see this makes it extremely easy to create trojan horse type
attacks as it usually ensures that your current directory is read before
> any system directories, etc.
>
AFAIK, unter DOS and NT you always have "." implicilty at the beginning
of your PATH variable.
The dot in the PATH variable above is redundant.
regards
chris
