On 1 September 2011 10:39, Philipp Kern <[email protected]> wrote:
>> That might be worth considering for Linux
> You shouldn't do that there's the slightest possibility that you end up in an
> untrusted path (where somebody can drop executable files) with cd and execute
> something there (think of "ls").
>
> That's why "." isn't in the PATH by default and normally shouldn't be.
It's actually not so problematic for non-privileged users, specially if
you tack the dot at the END of your PATH; system executables for e.g.,
'ls' will be found before the maliciously placed file in /tmp
export PATH=${PATH}:.
Cheers,
Andrej
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
