On Fri, 25 Jan 2002, Travis Olds wrote: > On Thu, 24 Jan 2002 [EMAIL PROTECTED] wrote: > > > > How ? > > > > > If the current directory is in the PATH variable before the standard > > paths, someone could place a trojaned version of a program into a world > > writable directory. Whenever someone ran (or think they ran) a system > > utility from that directory, they would instead be running the fake. > > Yes that's a good reason to not put . at the start of your path so just > put it at the end huh!
Sure, then call the script "ls-l" or "cd.." or something similar. Also remember that root does not usually have all the user bin paths by default (e.g., /usr/local/bin) so any of those commands are subject to this problem. Also, if you enter/exit a subshell, you might change your path.
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
