[3777] in Athena Bugs
I sent the following message last week. It may have got lost.
daemon@ATHENA.MIT.EDU (oneway@athena.mit.edu)
Tue Dec 5 21:13:24 1989
To: bugs@ATHENA.MIT.EDU
Cc: oneway@ATHENA.MIT.EDU
Date: Tue, 05 Dec 89 21:12:50 EST
From: oneway@athena.mit.edu <oneway@ATHENA.MIT.EDU>
Here it is again:
------- Forwarded Message
Received: by ATHENA-PO-1.MIT.EDU (5.45/4.7) id AA27904; Tue, 28 Nov 89 20:26:56 EST
Received: from HAWAII.MIT.EDU by ATHENA.MIT.EDU with SMTP
id AA03673; Tue, 28 Nov 89 20:26:48 EST
From: oneway@ATHENA.MIT.EDU
Received: by HAWAII.MIT.EDU (5.61/4.7) id AA03432; Tue, 28 Nov 89 20:26:33 -0500
Message-Id: <8911290126.AA03432@HAWAII.MIT.EDU>
To: bugs@ATHENA.MIT.EDU
Cc: oneway@ATHENA.MIT.EDU
Subject: Placement of . (current directory) first in path
Date: Tue, 28 Nov 89 20:26:19 EST
Today, when logging in with no home directory, I discovered that the
Athena default path places . first in the path. This is not a good
idea as it makes one susceptible to trojan horses. This represents a
special security problem at MIT where there are a large number of
"hackers" that are users. With all the emphasis on security and
protection as of late, especially with the national attention to
computer viruses, I find it ironic that the Athena system defaults to
a behavior that permits one of the "oldest tricks in the book." If
the . were simply placed in the path last (or at least after the
system binary directories) the Athena system would be much more secure.
I discussed this for a while through
zephyrgrams with some other users and consultants who felt this should
be fixed as soon as possible. It should not be too difficult to
change the default .cshrc file which sets the path with the current
directory first in the path. If a user wants to change it so that he
is vulnerable to trojan horses, then that is his choice, but the
novice user, who simply gets a default path, is the person who most
needs protection against trojan horses. Athena should provide this
protection.
Could you please reply to me to let me know if and/or when this problem
will be resolved.
Ken Streeter
oneway@athena.mit.edu
------- End of Forwarded Message
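
An added example, not part of the original message and not Athena's own code: a POSIX shell function that audits a search path for entries resolved relative to the current directory and reports whether each sits before or after the system binary directories. It goes slightly beyond the message by also flagging empty entries (a leading, trailing or doubled colon), which shells treat as the current directory; the `SYSTEM_DIRS` list and the sample path are assumptions.

```shell
#!/bin/sh
# Added example. SYSTEM_DIRS is an assumed list; adjust it for the host audited.
SYSTEM_DIRS="/bin /usr/bin /sbin /usr/sbin /usr/local/bin"

is_system_dir() {
    for _d in $SYSTEM_DIRS; do
        [ "$1" = "$_d" ] && return 0
    done
    return 1
}

# audit_path PATHSTRING
# Prints "<position> <entry> <verdict>" for every entry that is searched
# relative to the current directory: ".", an empty entry, or any path that
# does not start with "/".
# Returns 0 if there is none, 1 if all of them come after the system
# directories, 2 if at least one precedes a system directory.
audit_path() {
    _rest="$1:" _pos=0 _last_sys=0
    # Pass 1: find the position of the last system directory.
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}; _rest=${_rest#*:}; _pos=$((_pos + 1))
        if is_system_dir "$_entry"; then _last_sys=$_pos; fi
    done
    # Pass 2: report each relative entry and where it sits.
    _rest="$1:" _pos=0 _status=0
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}; _rest=${_rest#*:}; _pos=$((_pos + 1))
        case "$_entry" in
            /*) continue ;;   # absolute entry, not affected by the cwd
        esac
        if [ "$_pos" -lt "$_last_sys" ]; then
            _verdict=before-system-dirs; _status=2
        else
            _verdict=after-system-dirs
            if [ "$_status" -eq 0 ]; then _status=1; fi
        fi
        printf '%s %s %s\n' "$_pos" "${_entry:-<empty>}" "$_verdict"
    done
    return "$_status"
}

# Constructed sample path with "." first, as the message describes.
audit_path ".:/usr/bin:/bin" || true
```

Calling `audit_path "$PATH"` from a login script or an account audit applies the same check to the live environment.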