Re: Why can't I execute a script??

["E.L. Meijer \(Eric\)" <tgakem@sg10.chem.tue.nl>]

> 
> 
> "Helge Hafting" wrote:
> 
> > You don't have "." in your path, so files are *not* considered executable
> > just because they are in the *current* directory.
> > 
> > This is a security feature.  (Some user could make a nasty script called
> > "ls"  or similiar in his home directoy.  If you try to look at his files
> > with ls the nasty script is invoked instead.)
> >
> > Ways of solving the problem:
> > 
> > 1. Create ~/bin and add that to your path. 
> >                      This works well and has no security problems.
>                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> If some user is capable of putting a fake `ls' in a random directory where
> you might trip on it, that user is far more likely to put it in your ~/bin
> directory!  (Same privileges are required) 

If you set your ~/bin directory writable for anyone but yourself, you
get what you deserve.  If someone has root permissions, you cannot defend
yourself against their malicious attacks anyway.  `Random' directories
where trojan scripts are likely to live are /tmp, /var/spool/* and the
like.

Eric

-- 
 E.L. Meijer (tgakem@chem.tue.nl)          | tel. office +31 40 2472189
 Eindhoven Univ. of Technology             | tel. lab.   +31 40 2475032
 Lab. for Catalysis and Inorg. Chem. (TAK) | tel. fax    +31 40 2455054