
Re: Dangerous to have ~/bin first in $PATH [was Re: Odd Path issue]



Once upon a time Russell said...
> Colin Watson wrote:
> > 
> > I think a more sensible rule is to only put directories in $PATH that
> > are at least as trusted as the relevant account. Thus, /usr/bin and so
> > on are always fine, ~/bin is only fine for the owning user, and . is
> > never a good idea.
> 
> Why is ./ in the path bad? If someone hacked in, couldn't they
> set the path to anything they wanted?

On a PC-style unix box (only one user) it doesn't make much difference,
but in a multi-user unix environment with people sharing directories and
files, someone could potentially trick you into running their program.

If you have . early in your path, a program called 'ls' in the current
directory could be run instead of /bin/ls. If you have . at the end of
your path, you can be caught with common typos, e.g. a program called
mroe or mkae (typos of more and make).
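
The rule discussed in this thread can be checked mechanically. The script below is an added example, not part of the original message: it walks a PATH string and reports entries that resolve to the current directory, relative entries, and directories writable by other users. The function name `audit_path`, the sample PATH value and the choice to treat group- or world-writable directories as less trusted than the account are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries less trusted than the account.
# audit_path (hypothetical name) prints one finding per risky entry and
# returns 1 if any were found, 0 otherwise.
audit_path() {
    ap_rest="$1:"      # trailing ':' so a final empty entry is still visited
    ap_rc=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}
        ap_rest=${ap_rest#*:}
        case $ap_entry in
            ''|.)
                # An empty entry is searched as the current directory, same as '.'
                echo "CWD: '$ap_entry' resolves to whatever directory you are in"
                ap_rc=1 ;;
            /*)
                [ -d "$ap_entry" ] || continue
                # Mode string from ls, e.g. drwxrwxr-x: char 6 = group write,
                # char 9 = other write
                ap_mode=$(ls -ldL -- "$ap_entry" | cut -c1-10)
                case $ap_mode in
                    ?????w*|????????w*)
                        echo "WRITABLE: $ap_entry ($ap_mode) can be modified by other users"
                        ap_rc=1 ;;
                esac ;;
            *)
                echo "RELATIVE: '$ap_entry' depends on the current directory"
                ap_rc=1 ;;
        esac
    done
    return $ap_rc
}

# Constructed sample value, not taken from the thread.
SAMPLE_PATH='/usr/local/bin:/usr/bin:/bin::bin:.'
audit_path "$SAMPLE_PATH" || true
```

Run it against a real environment with `audit_path "$PATH"`. It checks only the listed directory itself, not the permissions of its parent directories.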


