Konstantin Svist wrote: > John Cornelius wrote: >> It's not a bug, it's supposed to work that way. The behavior can be >> changed by: >> sh-4.0# PATH=$PATH:. > > I used to do this because that's how Windows does it -- until I realized > how bad of an idea it really is. > > Suppose you're root, looking around in a user-writable directory. And > suppose that some user placed a malicious executable called "ls" in that > directory (maybe as simple as echo "rm -rf /" >> ls; chmod 777 ls). > Suddenly, you're executing "ls" - but not the one you think.
Well, not really, since /bin would be in PATH before '.'. But still, you're right that it's generally a pretty bad idea to put '.' into PATH. :) -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ It is OK to let your mind go blank, but please turn off the sound.
pgpJT9BfuLLUR.pgp
Description: PGP signature
-- fedora-list mailing list [email protected] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
