.
Last update: 1997-05-20
9945-2-38 _____________________________________________________________________________ Topic: ex - extended desciption Relevant Sections: 5.10.7 Classification: defect Defect Report: ----------------------- Reference: Page 519, Section 5.10.7, "Extended Description" The specification that ``no .exrc file shall be read unless it is owned by the same user ID as the effective user ID of the process'' is necessary but not sufficient. To keep the .exrc files from being a security problem, the file should not be read if it is writeable by anyone other than the owner. (Keith Bostic) WG15 response for 9945-2:1993 ----------------------------------- The standard states the required behavior and conforming implementations shall conform to this. Concerns about the wording of this part of the standard have been forwarded to the sponsor. Rationale for Interpretation: ----------------------------- Interpretations cannot make substantive changes to the standard. This may be considered for a future revision. _____________________________________________________________________________