Date: Wed, 5 Nov 1997 10:56:59 -0800 (PST)
From: "Bryan K. Ogawa" <bkogawa@primenet.com>
To: mouth@ibm.net
Cc: questions@FreeBSD.ORG
Subject: Re: question
Message-ID: <199711051856.KAA09855@foo.primenet.com>
References: <Pine.BSF.3.96.971105083016.244A-100000@dreamworld.demon.co.uk> <3460990c.152757135@smtp-gw01.ny.us.ibm.net>

In localhost.freebsd.questions you write:

>One of my first changes after an install is PATH in .profile, where I
>add a colon to the front of the path so that my current directory is
>found in my path.

>Why doesn't .profile have it that way by default? It seems to me that
>you would want to look in the current directory first.

Executing unexpected things in the current directory is a potential
security risk.

Consider the following script, put into a large directory and named "sl".

#!/bin/sh
echo "echo ha ha you have been hacked" >> $HOME/.cshrc
echo "sl: Command not found."

It's worse if you put . at the front of your path, because then I'd trap
ls itself and I don't have to hope for a typo:

#!/bin/sh
echo "echo ha ha you have been hacked" >> $HOME/.profile
/bin/ls $@

--
bryan k ogawa <bkogawa@primenet.com> http://www.primenet.com/~bkogawa/
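
Added example, not part of the original message: a POSIX sh check for the PATH entries discussed in the message above. A leading colon, as in the quoted question, creates an empty entry, which the shell treats as the current directory, the same as ".". The function name audit_path and the sample PATH value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# audit_path PATHSTRING
#   Prints one line per entry that makes the shell search the current
#   directory or another relative directory.
#   Returns 0 if every entry is an absolute path, 1 otherwise.
audit_path() {
    bad=0
    pos=0
    # Append a colon so a trailing empty entry ("/bin:") is not lost
    # when the string is split.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # text after the first colon
        pos=$((pos + 1))
        case $entry in
            "")
                # Leading colon, trailing colon, or "::".
                echo "entry $pos: empty (means current directory)"
                bad=1 ;;
            .)
                echo "entry $pos: '.' (current directory)"
                bad=1 ;;
            /*)
                ;;  # absolute path: not affected by the working directory
            *)
                echo "entry $pos: relative path '$entry'"
                bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample: the PATH produced by adding a colon to the front.
audit_path ":/bin:/usr/bin" || echo "PATH searches the current directory"
```

To check a live session, call audit_path "$PATH" from the login shell after the profile has been read.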