On Sun, 2005-01-23 at 23:43 -0500, Travis Crump wrote:
> Ron Johnson wrote:
> > On Sun, 2005-01-23 at 20:59 -0500, Scotty Fitzgerald wrote:
> >
> >>I know, this has to be a really dumb question. I must be
> >>missing something really simple on this one. I want to point
> >>out that I googled up and down but must be asking google the
> >>wrong thing.
> >
> > [snip]
> >
> >>I type "a.out" into bash and I get "command not found"
> >>
> >>Is there something I have to do to tell bash that this
> >>executable is an executable, or did I leave out a step?
> >
> >
> > Why, I bet you're asking yourself, doesn't bash first look in .
> > when you want to execute a script?
> >
> > Security. Let's say someone hacks into your account, and puts in
> > a program named "ls" that is really a shell script that does
> > "rm -rf ~". You see the problem...
> >
> > This is why putting . and ~/bin in your PATH are very bad ideas.
> >
>
> I understand . since . could potentially be an insecure directory like
> /tmp, but what is wrong with ~/bin? If an attacker is able to place a
> binary in ~/bin doesn't he already have the permissions to do "rm -rf ~"
> himself?

. is all that is necessary for an immediate attack. For sabotage,
though, ~/bin would be better suited.

--
-----------------------------------------------------------------
Ron Johnson, Jr.
Jefferson, LA USA
PGP Key ID 8834C06B I prefer encrypted mail.

484,246 sq mi (1,254,197 sq km) are needed for 6 billion
people to live, 4 persons per lot, in lots that are 60'x150' (a
nice suburban US plot). That is ~ California, Texas and
Missouri. Alternatively, France, Spain and The United Kingdom.
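An added example, not part of the thread: a shell audit of a PATH string for the cases discussed above, namely `.` or an empty entry (which also means the current directory), a relative entry, a directory writable by other users such as /tmp, and a directory under $HOME such as ~/bin. The function and verdict names are this example's own, and only the listed directory itself is checked, not its parents.

```bash
#!/bin/sh
# Added example (not from the thread): flag PATH entries that would let a
# planted file such as a fake "ls" run in place of the real command.

# classify_entry ENTRY: print a one-word verdict for a single PATH entry.
classify_entry() {
    case $1 in
        '')            echo cwd-implicit; return ;;  # empty entry == current directory
        .|./*|..|../*) echo cwd-relative; return ;;  # "." spelled out
        /*)            ;;                            # absolute: keep checking
        *)             echo relative; return ;;      # resolved against the cwd too
    esac
    [ -d "$1" ] || { echo missing; return; }
    # Mode string of the directory itself (-L follows symlinks such as /bin).
    perms=$(ls -ldL -- "$1" 2>/dev/null) || { echo unreadable; return; }
    case $perms in
        # group-write (6th char) or other-write (9th char): a /tmp-style directory
        ?????w*|????????w*) echo writable-by-others; return ;;
    esac
    # Under $HOME (the ~/bin case): anything running as you can plant files.
    if [ -n "${HOME-}" ]; then
        case $1 in "${HOME%/}"/*) echo user-writable; return ;; esac
    fi
    echo ok
}

# audit_path STRING: print "verdict<TAB>entry" for every entry that is not ok.
audit_path() {
    rest="$1:"                 # trailing ':' so a final empty entry is kept
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        verdict=$(classify_entry "$entry")
        [ "$verdict" = ok ] || printf '%s\t%s\n' "$verdict" "$entry"
    done
    return 0
}

# Audit the argument if given, otherwise the current PATH.
audit_path "${1-$PATH}"
```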