On Mon, 17 Nov 2003, Michael Holt wrote:

> What effect does it have?  It means you can execute hidden files?  If
> that's the case, couldn't you do that anyway - if you knew what the
> filename was?  I suppose just for policy, you would want as few things
> in a user's path as possible - is that just what it's about?

What having ":.:" (or its equivalent, "::") in your $PATH does is allow 
the current working directory to be included in any search for executable 
files. This is (wisely, IMHO) considered to be a security risk, as it can 
lead to the execution of a file other than the one you had intended, if 
that file has the same name and the ":.:" appears earlier in the PATH than 
the directory in which the intended file resides.

Obviously, it is *far* more important that such an entry not be part of 
root's PATH than a user's, but it's a risk in the latter case as well.

Bill Mullen   [EMAIL PROTECTED]   MA, USA   RLU #270075   MDK 8.1 & 9.0
"In communities where men build ships for their own sons to fish or
fight from, quality is never a problem." -- J. A. Dever
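
The search-order point made in the reply above, as an added example that is not part of the original message: `path_cwd_entries` and `first_match` are hypothetical helper names, and the sample PATH string is constructed. It goes slightly beyond the message by also flagging a leading or trailing ":" and other relative entries, which are resolved against the current directory in the same way.

```shell
# Print "position:entry" for every PATH entry that is resolved against the
# current directory: an empty entry ("::", leading or trailing ":"), "."
# or any other relative name.
path_cwd_entries() {
    rest=$1; i=1
    while :; do
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:}; last=0 ;;
            *)   entry=$rest; last=1 ;;
        esac
        case $entry in
            '') echo "$i:<empty>" ;;
            /*) ;;                      # absolute directory
            *)  echo "$i:$entry" ;;
        esac
        if [ "$last" -eq 1 ]; then break; fi
        i=$((i + 1))
    done
}

# Print the first executable file named $1 found by walking the PATH
# string $2 left to right, as the shell's command search does.
first_match() {
    name=$1; rest=$2
    while :; do
        case $rest in
            *:*) dir=${rest%%:*}; rest=${rest#*:}; last=0 ;;
            *)   dir=$rest; last=1 ;;
        esac
        [ -n "$dir" ] || dir=.          # empty entry means current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "$dir/$name"
            return 0
        fi
        if [ "$last" -eq 1 ]; then return 1; fi
    done
}

# Constructed sample PATH, not taken from the original message.
path_cwd_entries "/usr/local/bin::/usr/bin:.:"
```

Running `path_cwd_entries "$PATH"` as root and as an ordinary user shows whether either account has such an entry and how early in the search it sits.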
