[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ".profile" & BASH in PATH?

On Mon, Sep 13, 1999 at 02:08:23AM -0700, bwarsing wrote:

> 
> ----- Original Message -----
> From: Juli-Manel Merino Vidal
> 
> > To run a script from the current directory: ./shell.script
> > This is because the currect directory isn't in the path, for security
> reasons.
> 
> Can you elaborate?  Should this be changed? How do I fix this?
> Thanks,
> bw.
> 
> 

Of course. Imagine that a user put a dangerous program in /tmp
(directory in which everybody can write) named ls. If the root user
have the ./ directory in the path and he is in /tmp, if he run 'ls',
the system will start /tmp/ls and not /bin/ls. So, the dangerous ls
can do what it wants.

Bye.

-- 
-----------------------------------------------------------------------
                  -----> Powered by Debian/GNU Linux <-----
                  --> Linux User 140860   Machine 61143 <--

Juli-Manel Merino Vidal <jmmv@mail.com>        -  --   -- --   -- -   -
http://jmmv.cjb.net    /  My homepage          |  | | | | | | | |  | |
http://www.debian.org  /  Best linux dist.  |  |  |  |  | |  |  |  | |
http://www.gnu.org     /  GNU Project       ---|  |     | |     |   |
Reply to: