If an attacker can trick root or even another user into running a command, they will
be able to gain access to data or privileges they shouldn’t have. One way to trick
another user into running a malicious program is to create an alias to some other
common program (e.g., ls).
The leading \, which suppresses alias expansion, is very important because without
it you can do evil things like this:
$ alias unalias=echo
$ alias builtin=ls
$ builtin unalias vi
ls: unalias: No such file or directory
ls: vi: No such file or directory
$ unalias -a
-a
Không có nhận xét nào:
Đăng nhận xét