[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: c programming in Linux

Subject: Re: c programming in Linux
From: Sudhakar Chandrasekharan <thaths@xxxxxxxxxxxx>
Date: Wed, 23 Jun 1999 09:47:30 -0700

Shashank Banerjee proclaimed:
> >> I put ./ in my bash_profile's path.
> >On a Unix system, that is akin to suicide. You may believe it makes life
> >easier, but in reality you are defeating the safety mechanism.
> Safety mechanism... what kind? Could you please elborate?

What if J. Malicious Cracker broke into your system and placed a program
called 'ls' in some directory?  If '.' precedes other directories in your
$PATH you would be running Malicious's ls instead of the system ls when you
run ls in the directory where J.M.C's ls is located.  And J.M.C's ls could
be doing unspeakable things to your machine.

This problem is compounded a few times if root is the user with '.' in
their $PATH.  Seasoned system admins have learnt to type the full path of
the various commands.

Thaths
- -- 
"Air show?  Buzz-cut Alabamians spewing colored smoke from their whiz
jets to strains of 'Rock You Like A Hurricane?'  What kind of countrified
       rube is still impressed by that?"  -- Sideshow Bob
Sudhakar C13n http://people.netscape.com/thaths/ Lead Indentured Slave
- --------------------------------------------------------------------
For more information on Linux in India visit http://www.linux-india.org/
Linux India is NOT a forum for Microsoft/India/Pakistan/US/UK bashing.
Flame baits will not be tolerated.  If you can appreciate satire read
http://www.templetons.com/brad/emily.html

------------------------------

Prev by Subject: RE: c programming in Linux
Next by Subject: Re: c programming in Linux
Previous by thread: RE: c programming in Linux
Next by thread: Re: c programming in Linux
Index(es):
- Subject
- Thread