<None>
Doug Gwyn
gwyn at smoke.brl.mil
Sat Feb 23 06:21:55 AEST 1991
In article <1991Feb22.004010.13359 at zip.eecs.umich.edu> bguthy at amazon.eecs.umich.edu (Bala S. Guthy) writes:
>Hello, I remember when I first learnt Unix, the instructor said,
>that "." should never be the first thing in one's $path. It had
>something to do with a security hole in Unix. Does anyone know
>what and if there is any disadvantage to having "." as the first
>entry in $path.
It's not a "security hole in UNIX", it's just an unwise policy for
most people since it allows them to unwittingly stumble upon Trojan
horse traps that malicious persons might have planted. For example,
echo 'rm -rf $HOME' > /tmp/ls
chmod +x /tmp/ls
plants a trap such that anyone who has "." before "/bin" in his $PATH
could rue the day that he did the following:
cd /tmp
ls
It is also possible to have problems with this even if no malicious
intent is present.
To invoke a program located in the current working directory, type
./program_name
which works as desired even if "." is not in your $PATH at all.
More information about the Comp.unix.questions
mailing list