> "rsnyder" == Bob Snyder <rsnyder @
com> writes: rsnyder>
> If the user has rsnyder> /etc in his read permission path, it could
> grab the password rsnyder> file and send it out though any number of
> Many of our users have /etc (and /usr/etc) in their paths, for
> various silly reasons. (like wanting ping(1) in their path.)
> It's not uncommon.
I'm sorry, I didn't make myself clear. Hotjava has (this is from memory,
Hotjava won't compile on my home system yet) environmental variables it uses
like JAVA_READ_PATH and JAVA_WRITE_PATH that specify where applets can read
and write to.
The defaults for these are a bit more open then I would prefer, but it is
controllable, and I don't believe it includes any system dirs by default.
(Again, from memory.)