Re: Trivial script will NOT execute
On Sat, Nov 05, 2016 at 10:42:46AM -0500, David Wright wrote:
> The current working directory is included here three times???at the
> beginning, middle and end.
>
> :/usr/bin::/bin:.
Including the current directory in one's PATH (either by using "."
explicitly, or by using an empty string) is considered a bad practice.
It opens you up to certain exploits by malicious users.
The classic example is that a malicious user puts a program named "sl"
in the /tmp directory, and waits for someone (preferably root) to
change directory to /tmp and then mistype "ls" as "sl". This runs the
malicious user's program with the other user's privileges.
Thus, it's strongly recommended that you do *not* put the current
working directory into PATH. If you need to execute a program in
the current directory, you can invoke it with a leading ./
./myscript
This bypasses the PATH lookup (because the command name contains a
slash character). The leading "." is simply a directory name, not
anything magic to the shell.
> One other point. I see you use spaces in your filenames. Regardless of
> this, you should quote your strings in such as FILENAME=$F$N$E
In a simple assignment like that, you don't need to quote. Word
splitting and pathname expansion are not performed, for legacy
reasons. However, quoting doesn't hurt.
http://mywiki.wooledge.org/Quotes
Reply to: