[NTLUG:Discuss] Shortcuts
Aaron Goldblatt
aaron at goldblatt.net
Fri Aug 24 07:59:33 CDT 2001
> The reason why ./ (or just .) is not in the default path is because it
> can open a security hole thusly... Someone with access to your account
> could add a file called 'ls' in a directory that you change to, and
> then if "./" is the first element of your path, this new "ls" would be
> executed instead of /bin/ls. Which is not a good thing.
I suppose if someone has access to your account, they can add the ./ to the
path statement at the same time they drop in the ls script, and so the real
security breach is giving someone else access to your account, not including
./ in the search order.
Or, if they have access to root, they can do whatever the heck they want
directly and not bother with fooling you into running some script that would
only run as your user account anyway (you don't normally operate as root
day-to-day, do you?).
If they don't have access to your account but are instead sticking the file
in some world-writeable directory and hoping you'll travel there, would not
putting ./ at the END of your PATH declaration pretty well close this hole?
The search order would then find, say, ls in /bin prior to searching ./.
Oh, and a quick note for the person who mentioned the similarity to the PATH=
statement in AUTOEXEC in DOS: In DOS, the current directory is always
included in the search order even if you do not explicitly specify it. In
*nix, the current directory isn't included in the search order unless you
explicitly specify it as previously described.
Also note that in both *nix and DOS you can specify in your PATH declaration
another useful path: ../ (or just .. in DOS). By specifying .. in your
PATH, you include the parent directory in your search path as well, which can
be useful when you're messing around with some newly-downloaded tool. The
security implications, however, have already been discussed. Pay attention
to what you're doing if you do this.
ag
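The PATH-ordering point discussed in this thread, as an added example that is not part of the original post: a small POSIX sh audit that flags PATH entries a planted file could exploit (".", empty fields, "..", relative paths, world-writable directories without the sticky bit) and a first-match lookup that shows which file a given ordering would actually run. The helper names audit_path and path_resolve are assumed, not from the thread.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed helper names: audit_path, path_resolve.
# An entry is flagged when it is "." or empty (current directory), "..", a relative path,
# or an absolute directory that is world-writable without the sticky bit.

# audit_path PATH_STRING -> prints "position:entry:reason" for each risky entry
audit_path() {
    rest="$1:"            # trailing ':' so the last (possibly empty) field is visited
    pos=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}; rest=${rest#*:}; pos=$((pos + 1))
        case $entry in
            ""|.)  echo "$pos:$entry:current directory is searched";;
            ..)    echo "$pos:$entry:parent directory is searched";;
            /*)
                # Mode string like drwxrwxrwt: char 9 = others-write, char 10 = sticky bit.
                # -L follows symlinks (e.g. /bin -> usr/bin) so the link's lrwxrwxrwx is not tested.
                mode=$(ls -ldL "$entry" 2>/dev/null | cut -c1-10)
                case $mode in
                    ????????w[x-]) echo "$pos:$entry:world-writable without sticky bit";;
                esac;;
            *)     echo "$pos:$entry:relative path, resolved against current directory";;
        esac
    done
}

# path_resolve NAME PATH_STRING -> prints the first executable NAME found, as the shell would
path_resolve() {
    name=$1; rest="$2:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -z "$dir" ] && dir=.   # an empty field means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "$dir/$name"; return 0
        fi
    done
    return 1
}

# Demo on a constructed PATH string, not the caller's real PATH.
audit_path "/usr/local/bin:/usr/bin:/bin:."
```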