* Jeff Waugh ([EMAIL PROTECTED]) wrote :
yet another excellent explanation!
>
>
> Extra credit for the person who explains why '.' isn't in everyone's $PATH
> by default.
Short Answer: security! (what else ;) )
Longer Answer:
OK, so your path is ".:/usr/local/bin/:/bin/:/usr/bin/", and
you're running as root for whatever reason, and move into a
globally writeable directory, such as /tmp or /usr/local, and a
malicious user has put an executable file in that directory with
a common name, such as ls, and all the file is is a shell script
that does, say, 'rm -rf .*'. If '.' is the first thing in your
path, you've just executed the malicious file in the current
directory and are now sitting in front of your screen waiting
for an output from 'ls', while all the time your hard disk is
being wiped. Don't do it kids, it's a bad bad thing!
Belated season's greetings to all from a part of the world
currently at -2C, with snow on the ground, which made me
pause slightly when Anand suggested a BBQ or other Christmas
event ;)
-Thom, wanting credit ;)
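A defensive check for the problem described in the message above, added here as an example and not part of the original post: a POSIX shell function that flags PATH entries resolved against the current directory. It goes slightly beyond the '.' case in the text by also flagging empty entries (which the shell treats as the current directory), relative entries, and absolute entries that are world-writable directories; the name `audit_path` and its output format are assumptions of this example.

```shell
#!/bin/sh
# audit_path PATHSTRING   (hypothetical helper, written for this example)
# Prints one line per risky entry: "<position> <reason> <entry>".
# Exit status is 0 if nothing was flagged, 1 otherwise.
audit_path() (
    rest="$1:"              # trailing ':' lets the loop see a final empty entry
    pos=0
    found=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ':'
        rest=${rest#*:}     # drop that entry and its ':'
        pos=$((pos + 1))
        reason=
        case $entry in
            '')     reason=cwd; entry='(empty)' ;;  # "::", leading or trailing ':'
            . | ./) reason=cwd ;;
            /*)
                # Absolute entry: flag directories anyone may drop files into.
                # -L follows symlinks so the target's mode is what gets tested.
                if [ -d "$entry" ]; then
                    case $(ls -ldL -- "$entry") in
                        ????????w*) reason=world-writable ;;
                    esac
                fi ;;
            *)      reason=relative ;;              # resolved against the cwd
        esac
        if [ -n "$reason" ]; then
            echo "$pos $reason $entry"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
)

# The PATH quoted in the message (a sample string, not the live $PATH).
audit_path ".:/usr/local/bin/:/bin/:/usr/bin/" || echo "risky PATH entries found"
```

To check a real session, call `audit_path "$PATH"`; the position in each output line shows how early in the search order the risky entry is consulted.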