Re: ./ in PATH, always bad?
D-Man wrote:
> Sure it's a "flaw" : suppose someone creates an executable trojan in
> "the current directory" named 'cd'. If '.' is the first thing in the
> path you will execute the trojan rather than the usual /bin/cd.
s/cd/ls/g for a better argument. cd is a shell builtin; there is no /bin/cd.
Having to type ./ in front of a program's name when it's in the current
directory is pretty trivial, and when you understand the potential
danger of having . in your path, you just don't do it ever again.
Trivial example: I want a file that Joe has which he has chmodded to
600, i.e. he can read and write it, but nobody else can even read it. So
I put something in my home directory that I think he'll want to see, and
I also put a trojan script there which will copy the file for me and
chown it to me. I create symlinks in my home directory pointing to the
script, named "ls", "cp", "cat", and "mv". I tell Joe to look in my
directory for the file, but "forget" to tell him its exact name (or I
get it trivially wrong). Joe cd's to my directory and types "ls"... my
script is executed and I get the file, all because Joe is the sort of
guy who likes having . in his path.
Of course, if he just looks in my directory without cd'ing to it, this
won't work, but a lot of people have this interesting habit of always
cd'ing to wherever they think something is, rather than just referencing
it by relative or absolute directory name, so a trick like this will
work surprisingly often once you know that someone has . in his path.
Craig
Reply to: