
'.' in path, summary



Hi,

	Thx to both Manas Garg and Binand Raj for the clarifications. Here is a
summary and a couple of questions:

Putting '.' in your path is evil.
If it occurs at the beginning of $PATH, it is an accident waiting to
happen.

If it occurs at the end, there is a lesser probability of damage, but
equally severe.

Both of you have pointed out that a rogue executable in the /tmp would
be the gateway to disaster. Also, this seems to affect the _system_ only
when the root does The Stupid Thing (TM).

Let us assume that the sysadmin is dumb enough to put the '.' in the
path but not dumb enough to put it at the beginning.

Notes: The hack relies on the sysadmin making a typo in the /tmp
directory, esp for simple two/three character commands. So I guess even
command line completion (like in bash) wouldn't prevent this. 

questions (fm a newbie perspective) : what is the /tmp directory used
for anyway? Who's got access to it ? drwxwxrwx ? Would eliminating the
presence of any executable in the /tmp resolve this once and for all?

To eliminate the executables in the /tmp directory you could simply run
a cron job that checks the type of file for each file in the /tmp
directory. Since this would be periodic, it might be better to run a
background process that does a 'select' on the /tmp directory and checks
the files whenever it gets notified of a change in the directory. Of
course, since I don't know the purpose of the /tmp I might be wrong on
this. pls clarify...

thx
BGa

- --------------------------------------------------------------------
For more information on Linux in India visit http://www.linux-india.org/

------------------------------
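
A PATH audit for the case summarised in the message above ('.' anywhere in $PATH, including at the end), generalised to empty entries, other relative entries and world-writable directories such as /tmp. This is an added example, not part of the original post; the function name `audit_path` and the sample PATH are assumptions.

```shell
#!/bin/sh
# audit_path PATHSTRING  (hypothetical helper name, not from the post)
# Prints one "position:kind:entry" line per risky entry; returns 1 if any found.
#   cwd            - "." or an empty entry (leading, trailing or doubled ':'),
#                    all of which make the shell search the current directory
#   relative       - any other entry that does not start with '/'
#   world-writable - an existing directory any user can write to (such as /tmp)
audit_path() {
    ap_rest="$1:"               # trailing ':' so the last entry is terminated too
    ap_pos=0
    ap_bad=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*} # text before the first ':'
        ap_rest=${ap_rest#*:}   # drop that entry and its ':'
        ap_pos=$((ap_pos + 1))
        case $ap_entry in
            ''|.|./)
                ap_kind=cwd ;;
            /*)
                # find -H follows a symlinked entry; -prune stops it descending
                if [ -d "$ap_entry" ] &&
                   [ -n "$(find -H "$ap_entry" -prune -perm -0002 2>/dev/null)" ]; then
                    ap_kind=world-writable
                else
                    continue    # absolute and not world-writable: nothing to report
                fi ;;
            *)
                ap_kind=relative ;;
        esac
        printf '%s:%s:%s\n' "$ap_pos" "$ap_kind" "$ap_entry"
        ap_bad=1
    done
    return "$ap_bad"
}

# Constructed sample PATH (not from the post): '.' placed last, plus /tmp.
audit_path "/usr/local/bin:/usr/bin:/tmp:." || echo "risky PATH entries listed above"
```

Calling `audit_path "$PATH"` from root's login scripts reports the entry itself, whatever files happen to be in /tmp at the time.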