Re: Why having the . at the end of someone's PATH is a security ?

To: shaulk@netvision.net.il (shaul)
Cc: rathon <rathon01@usa.net>, debian-user@lists.debian.org
Subject: Re: Why having the . at the end of someone's PATH is a security ?
From: Paul Crowley <paul@hedonism.demon.co.uk>
Date: 15 Oct 1998 00:33:42 +0100
Message-id: <[🔎] 87yaqin2g9.fsf@hedonism.demon.co.uk>
In-reply-to: shaulk@netvision.net.il's message of "Wed, 14 Oct 1998 23:28:55 +0300"
References: <[🔎] m0zTXXU-0002AbC@rakefet>

shaulk@netvision.net.il (shaul) writes:

> > There shouldn't be a "." in your PATH; even at the end, it's a
> > security risk. 
> 
> Why ? How it can be exploited ?

I place a common misspelling of a common command in a directory you
might explore; for example, "sl" for "ls", and wait for you to cd into 
that directory and execute it by accident.

It's a good idea to type "./command" whem you mean it, and not
otherwise.  Executing stuff wherever you happen to be is not a good
idea and isn't what PATH is for.  I appreciate that mostly people
would choose dancing elephants over security every time right up until 
the point they get hacked, but if you prefer to be wise before the
event then every element in your path will be absolute.
-- 
  __
\/ o\ paul@hedonism.demon.co.uk         Edinburgh fetish club Permission \ /
/\__/ Paul Crowley      Nov 8 http://www.hedonism.demon.co.uk/permission /~\

Reply to:

References:
- Why having the . at the end of someone's PATH is a security ?
  - From: shaulk@netvision.net.il (shaul)

Prev by Date: Re: DebainNet.pm location
Next by Date: Re: BROWSER
Previous by thread: Re: Why having the . at the end of someone's PATH is a security ?
Next by thread: Motherbnoard Sound Device
Index(es):
- Date
- Thread