1 |
On Wednesday 19 September 2007, Mike Doty wrote: |
2 |
> John R. Graham wrote: |
3 |
> > like sys-apps/miscfiles. But where it should or shouldn't come from |
4 |
> > doesn't answer the fundamental question, "Shouldn't it be there, from |
5 |
> > *some* source?" |
6 |
> |
7 |
> Easy answer: no. Do you really want any script to automatically run |
8 |
> when you login as root? think of exploits and the ability to do |
9 |
> "/bin/echo rm -rf / >> /root/.bash_profile" |
10 |
|
11 |
coreutils will not `rm -rf /`: |
12 |
rm: cannot remove root directory `/' |
13 |
|
14 |
that said, anyone who has write access to /root owns the system ... whether |
15 |
the file exists by default is irrelevant |
16 |
-mike |