Re: ./ in PATH, always bad?
On Fri, Jul 13, 2001 at 02:53:37PM -0700, Craig Dickson wrote:
> D-Man wrote:
>
> > Sure it's a "flaw" : suppose someone creates an executable trojan in
> > "the current directory" named 'cd'. If '.' is the first thing in the
> > path you will execute the trojan rather than the usual /bin/cd.
>
> s/cd/ls/g for a better argument. cd is a shell builtin; there is no /bin/cd.
Or, even better, su. Nice easy way to grab a root password...
--
Brian Nelson <nelson@bignachos.com>
Reply to: