[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why having the . at the end of someone's PATH is a security ?

shaulk@netvision.net.il (shaul) writes:

> > There shouldn't be a "." in your PATH; even at the end, it's a
> > security risk. 
> Why ? How it can be exploited ?

I place a common misspelling of a common command in a directory you
might explore; for example, "sl" for "ls", and wait for you to cd into 
that directory and execute it by accident.

It's a good idea to type "./command" whem you mean it, and not
otherwise.  Executing stuff wherever you happen to be is not a good
idea and isn't what PATH is for.  I appreciate that mostly people
would choose dancing elephants over security every time right up until 
the point they get hacked, but if you prefer to be wise before the
event then every element in your path will be absolute.
\/ o\ paul@hedonism.demon.co.uk         Edinburgh fetish club Permission \ /
/\__/ Paul Crowley      Nov 8 http://www.hedonism.demon.co.uk/permission /~\

Reply to: