shaul wrote:

> > There shouldn't be a "." in your PATH; even at the end, it's a
> > security risk. 
> 
> Why? How can it be exploited?
> 

A somewhat related story:

When I was taking CS classes in college there was this one student who
many of us suspected of not being entirely honest about the work he
turned in.  Well, a friend of mine wrote a program which before
exec'ing /bin/ls logged information about the caller.  He named it
"ls" and put it in his home dir.  Well, guess who happened by?

This program, of course, only "caught" those who had "." ahead of /bin
in their path, but there were quite a few that it did catch.  My friend
was very nice; his program could have been much more malicious and/or
sneaky.  I should think that as many who had unsafe PATHs had world
readable files, allowing our less than honest classmate to claim
others' work as his own.

Personally I'm in the habit of typing "./" when I need to execute
something in the current directory.  I've been burned too many times
by writing programs called "test" and "a.out" and executing the wrong
binary thinking the same named file in my current dir would be the
one found.

Regards,
ksb
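
A way to check for the problem discussed in this thread, as an added shell example that is not part of the original post: `audit_path` (a hypothetical helper name) flags PATH entries that are searched relative to the current directory, including empty entries left by a leading, trailing or doubled colon, which POSIX shells also treat as the current directory. The sample PATH string at the end is constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_path PATHSTRING
#   Prints one line per unsafe entry: "<position>: <reason>".
#   Returns 0 when every entry is an absolute directory, 1 otherwise.
audit_path() {
    position=0
    unsafe=0
    # Append a colon so a trailing empty entry is not lost, then peel
    # entries off the front one at a time.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        position=$((position + 1))
        case $entry in
            '')
                echo "$position: empty entry (searched as the current directory)"
                unsafe=1 ;;
            .|./)
                echo "$position: '$entry' is the current directory"
                unsafe=1 ;;
            /*)
                ;;  # absolute directory: not resolved against the cwd
            *)
                echo "$position: '$entry' is relative to the current directory"
                unsafe=1 ;;
        esac
    done
    return $unsafe
}

# Constructed sample: the trailing colon adds an implicit "." at the end.
audit_path "/usr/local/bin:/usr/bin:/bin:" || echo "unsafe PATH"
```

Run `audit_path "$PATH"` from a login shell to check the value your startup files actually produce.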
