Re: ./ in PATH, always bad?

To: debian-user@lists.debian.org
Subject: Re: ./ in PATH, always bad?
From: Alan Shutko <ats@acm.org>
Date: Mon, 16 Jul 2001 09:34:40 -0400
Message-id: <[🔎] 87snfxgfrh.fsf@wesley.springies.com>
In-reply-to: <[🔎] 01071608583002.00664@cj-523-526.hamilton.edu>
References: <[🔎] 20010713145337.A1663@crdic.ath.cx> <[🔎] 01071608583002.00664@cj-523-526.hamilton.edu>

Nathan Weston <nweston@hamilton.edu> writes:

> So if your path is "/bin:/usr/bin:./", it will only search ./ if it
> doesn't find the command in /bin or /usr/bin. Which means that there
> is much less danger of someone replacing a standard program with a
> trojan.

It just means the attacker has to be a bit smarter and use typos.
"sl", anyone?

-- 
Alan Shutko <ats@acm.org> - In a variety of flavors!
DM ADVICE: Never reward a player who serves you Kool-Aid and crackers.

Reply to:

Follow-Ups:
- Re: ./ in PATH, always bad?
  - From: "Eric G. Miller" <egm2@jps.net>

References:
- Re: ./ in PATH, always bad?
  - From: Craig Dickson <crdic@yahoo.com>
- Re: ./ in PATH, always bad?
  - From: Nathan Weston <nweston@hamilton.edu>

Prev by Date: Re: Why is setting up X so arcane? (SOLVED!!!)
Next by Date: Re: ./ in PATH, always bad?
Previous by thread: Re: ./ in PATH, always bad?
Next by thread: Re: ./ in PATH, always bad?
Index(es):
- Date
- Thread