Ron Johnson wrote:
> On Sun, 2005-01-23 at 20:59 -0500, Scotty Fitzgerald wrote:
>> I know, this has to be a really dumb question. I must be missing something really simple on this one. I want to point out that I googled up and down but must be asking google the wrong thing.
>
> [snip]
>
>> I type "a.out" into bash and I get "command not found"
>>
>> Is there something I have to do to tell bash that this executable is an executable, or did I leave out a step?
>
> Why, I bet you're asking yourself, doesn't bash first look in . when you want to execute a script?
>
> Security. Let's say someone hacks into your account, and puts in a program named "ls" that is really a shell script that does "rm -rf ~". You see the problem...
>
> This is why putting . and ~/bin in your PATH are very bad ideas.

I understand . since . could potentially be an insecure directory like /tmp, but what is wrong with ~/bin? If an attacker is able to place a binary in ~/bin doesn't he already have the permissions to do "rm -rf ~" himself?
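
An added example, not part of either poster's message: a POSIX shell function that reports the PATH entries this thread is about, namely `.` or an empty entry (both mean the current directory), relative entries, and directories that group or others can write to, such as /tmp. The function name `audit_path` and the finding labels are made up for this example.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one "finding<TAB>entry" line for each risky entry in PATHSTRING.
# (Hypothetical helper written for this example.)
audit_path() {
    # Append ':' so a trailing empty entry is not lost when splitting.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ':'
        rest=${rest#*:}     # text after the first ':'
        case $entry in
            '')
                # An empty entry is searched as the current directory.
                printf 'cwd-implicit\t(empty)\n' ;;
            .)
                printf 'cwd-explicit\t.\n' ;;
            /*)
                if [ -d "$entry" ]; then
                    # -L follows symlinks (e.g. /bin -> usr/bin) so the
                    # mode shown is that of the real directory.
                    mode=$(ls -ldL "$entry" | cut -c1-10)
                    case $mode in
                        # 6th char = group write, 9th char = other write
                        ?????w????|????????w?)
                            printf 'writable-by-others\t%s\n' "$entry" ;;
                    esac
                fi ;;
            *)
                # Relative entries resolve against wherever you happen to be.
                printf 'relative\t%s\n' "$entry" ;;
        esac
    done
}

# Audit the PATH of the current shell.
audit_path "$PATH"
```

A ~/bin that only its owner can write to (mode 755 or 700) produces no finding, while /tmp would be reported as `writable-by-others`.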