
Re: from a.out to running the darned thing.



Ron Johnson wrote:
On Sun, 2005-01-23 at 23:43 -0500, Travis Crump wrote:

Ron Johnson wrote:

On Sun, 2005-01-23 at 20:59 -0500, Scotty Fitzgerald wrote:


I know, this has to be a really dumb question. I must be missing something really simple on this one. I want to point out that I googled up and down but must be asking google the wrong thing.

[snip]


I type "a.out" into bash and I get "command not found"

Is there something I have to do to tell bash that this executable is an executable, or did I leave out a step?


Why, I bet you're asking yourself, doesn't bash first look in .
when you want to execute a script?

Security.  Let's say someone hacks into your account, and puts in
a program named "ls" that is really a shell script that does "rm -rf ~". You see the problem...

This is why putting . and ~/bin in your PATH are very bad ideas.


I understand . since . could potentially be an insecure directory like /tmp, but what is wrong with ~/bin? If an attacker is able to place a binary in ~/bin doesn't he already have the permissions to do "rm -rf ~" himself?


. is all that is necessary for an immediate attack.  For sabotage,
though, ~/bin would be better suited.


But if the saboteur can put something in ~/bin couldn't he at the same time edit ~/.bashrc et al and add ~/bin to the user's path himself?

Genuinely curious.

Travis
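
An added example, not part of the original thread: a POSIX shell function that audits a PATH string for the kinds of entries discussed above, namely `.`, other relative directories, empty entries (which the shell also treats as the current directory), and world-writable directories such as /tmp. The names `audit_path` and `is_world_writable`, the output format, and the sample PATH are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag PATH entries that let someone else's file shadow a command.

# True if the directory (symlinks followed) has the "other" write bit set.
is_world_writable() {
    mode=$(ls -ldL -- "$1" 2>/dev/null) || return 1
    # Mode string looks like drwxrwxrwt; character 9 is write-for-others.
    [ "$(printf '%s' "$mode" | cut -c9)" = "w" ]
}

# audit_path PATHSTRING
# Prints one finding per line; returns 1 if anything risky was found.
audit_path() {
    findings=0
    # Append ':' so a trailing empty entry ("/usr/bin:") is not lost.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            "")
                # "::" or a leading/trailing ':' means "current directory".
                echo "empty: (current directory)"
                findings=1 ;;
            /*)
                if is_world_writable "$entry"; then
                    echo "world-writable: $entry"
                    findings=1
                fi ;;
            *)
                # ".", "bin", "../tools": resolved against wherever you cd.
                echo "relative: $entry"
                findings=1 ;;
        esac
    done
    return $findings
}

# Constructed sample PATH for demonstration, not taken from the thread.
audit_path "/usr/local/bin:/usr/bin:.::bin" || true
```

Run `audit_path "$PATH"` to check the current shell's search path.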
