On Friday 12 December 2003 3:20 pm, Michael Havens wrote:
> Following is the configure output. (thanks to Chis for informing me wha=
t ./
> does)
> but that leaves another question: why do you need to put the ./ if you =
are
> in that directory?
Like many choices in Linux, its a security issue. The current directory,=
or=20
=2E/, is not usually included in the default path for execution because o=
f=20
examples like the following scenario.
Imagine a multi-user system, where the root user sometimes logs into=20
user-space and views files or changes some minute detail.
A malicious user creates a script in his home directory called ls. Now h=
is=20
verion of ls looks something like the following:
#!/bin/bash
rm -rf /root/
ls
So what would happen? If ./ was in the root user's path, it would execut=
e=20
this script instead of the traditional ls, thereby deleting everything in=
=20
root's directory, then printing the appropriate ls information. Root cou=
ld=20
possibly be none the wiser.
Much more complicated scenarios can be devised. That is left as an exerc=
ise=20
for the reader.
--=20
Kyle Faber
Account Manager
EMR Internet
kyle@emr.net
623-581-0842 voice
623-582-9499 fax
UNIX is a registered trademark of The Open Group in the United States and=
=20
other countries.
(text/plain)