From owner-freebsd-questions  Tue Jan  9 21:17:49 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id VAA07249
          for questions-outgoing; Tue, 9 Jan 1996 21:17:49 -0800 (PST)
Received: from who.cdrom.com (who.cdrom.com [192.216.222.3])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id VAA07242
          for <questions@freebsd.org>; Tue, 9 Jan 1996 21:17:44 -0800 (PST)
Received: from tulpi.interconnect.com.au (root@tulpi.interconnect.com.au [192.189.54.18])
          by who.cdrom.com (8.6.12/8.6.11) with ESMTP id VAA29612
          for <questions@freebsd.org>; Tue, 9 Jan 1996 21:17:22 -0800
Received: (from ahill@localhost) by tulpi.interconnect.com.au id QAA22531
  (8.6.11/IDA-1.6); Wed, 10 Jan 1996 16:13:51 +1100
Date: Wed, 10 Jan 1996 16:13:50 +1100 (EST)
From: Anthony Hill <ahill@interconnect.com.au>
To: David Brockus <dbrockus@cyberhall.com>
cc: FreeBSD questions <questions@freebsd.org>
Subject: Re: Paths in FreeBSD
In-Reply-To: <Pine.BSF.3.91.960109141015.7219A-100000@cyber1.cyberhall.com>
Message-ID: <Pine.BSI.3.91.960110155447.18958F-100000@tulpi.interconnect.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
Precedence: bulk

On Tue, 9 Jan 1996, David Brockus wrote:

> I am running FreeBSD 2.0.5R.  I have a problem with the path settings.  
> I have a prolem with directories that are not in the path.  I can not 
> execute a files in those directories by just typing thier name.  I must 
> type 
> 
> ./
> 
> to indicate the current directory and then type the file name.
> 
> Adding "." to the path in the .cshrc file seems to fix this but I get 
> this error message
> 
> Warning: exported path contains relative components.
> 
> I was wondering what the correct solutions is? Thanks in advance

Typing ./ before the command is the correct solution. Adding . to roots 
path is a definate big security risk. An anonymous FTP user could easily 
trick you into executing a script that would give him full root access to 
you machine by nameing the script something like "ls" and copying somewhere 
he does have write permission. (typically /tmp). Next time you do an "ls" in 
/tmp, you system gets a new root user.

The ./ ensures you are executing the command you expected to. Roots path 
should never contain a directory other non-su'ed users ever have write 
permissions to. Try to avoid using root as much as possible anyway.

(This stuff should be in the FAQ/handbook - newbies getting hacked because 
they lack basic info like this will eventually get FreeBSD a bad name as 
far as security goes.)