
Re: ./ in PATH, always bad?



On Fri, Jul 13, 2001 at 04:57:14PM -0400, Daniel Patrick Berdine wrote:
| The Redhat machine I use at work seems to include ./ in the PATH 
| variable, I can always run executables from my current directory 
| without using ./ like on my home debian system.  This has always seemed 
| more convenient to me and I wondered why Debian doesn't do this until I 

It's up to you whether you want it or not.

| read that it is considered a security flaw.  Is this always so? Is 
| there a way to enable this without compromising security?

Sure it's a "flaw" :  suppose someone creates an executable trojan in
"the current directory" named 'cd'.  If '.' is the first thing in the
path you will execute the trojan rather than the usual /bin/cd.

A similar thing happened at school one time, but it wasn't a security
issue.  The professors had a lab which included a program called
'test'.  We (the students) were supposed to run it with certain
arguments and observe the results (or time it or something like that).
It turned out that csh people had no problems.  bash users, however,
kept getting weird results and error messages that had nothing to do
with the lab.  Eventually someone realized that 'test' is a builtin in
bash so when people ran "test" they were not running the sample
program the staff had provided.  Using csh or, after the cause was
known, using './test' in bash would solve the problem.

If you want to have '.' in the PATH, go for it.  Just be aware of what
is in '.' that is executable.

-D
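
A check for the two situations described in this message, as an added example that is not part of the original post: `path_cwd_entries` lists PATH elements that resolve against the current directory (including empty elements, which the shell treats like '.'), and `resolved_by` reports whether the shell itself claims a name before PATH is searched. Both function names and the sample PATH values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# path_cwd_entries PATHSTRING
# Prints "<position> <reason> [entry]" for every PATH element that is looked
# up relative to the current directory. Exit status is 1 if any were found.
path_cwd_entries() (
    rest=$1
    pos=0
    status=0
    while :; do
        pos=$((pos + 1))
        # Split on ':' by hand so that empty elements are not lost.
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:}; more=1 ;;
            *)   entry=$rest; more=0 ;;
        esac
        case $entry in
            "")   echo "$pos empty"; status=1 ;;   # '::', leading or trailing ':'
            .|./) echo "$pos dot $entry"; status=1 ;;
            /*)   ;;                               # absolute path: not flagged here
            *)    echo "$pos relative $entry"; status=1 ;;
        esac
        [ "$more" -eq 1 ] || break
    done
    exit "$status"
)

# resolved_by NAME
# Prints "shell" when NAME is a builtin, function, alias or keyword (so it is
# used before any file in PATH, like 'test' in the lab story), "path" when it
# is found as a file through PATH, and "none" when it is not found at all.
resolved_by() (
    found=$(command -v "$1" 2>/dev/null) || { echo none; exit 0; }
    case $found in
        /*) echo path ;;
        *)  echo shell ;;
    esac
)

# Audit the PATH of the current session; the position shows how early the
# current directory would be searched.
path_cwd_entries "$PATH" || echo "PATH searches the current directory" >&2
```

A position of 1 means the current directory is searched before the system directories; a higher position means a file there is only run when no earlier directory has that name.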


