lotus



previous page: 022.  I removed Linux from my system, but now DOS won't boot because LILO is still there. How do I remove LILO?
  
page up: Brief Linux FAQ
  
next page: 024.  I can't execute my script/program. I can list the file with ls -l and it is there with the correct permissions:

023. I want to add '.' to root's PATH, to allow me to not have to put ./ in front of every local command I type. But I hear this is a bad thing. Why?




Description

This article is from the the Brief Linux FAQ (BLFAQ) Maintained by Neil Zanella nzanella@ganymede.cs.mun.ca

023. I want to add '.' to root's PATH, to allow me to not have to put ./ in front of every local command I type. But I hear this is a bad thing. Why?

Adding '.' to root's PATH would be a security risk. Imagine the case where a malicious user creates a file called /tmp/ls containing a command sequence such as

# Caution: This script removes everything from the Linux file system.
cat /tmp/ls
rm -Rf /

and you as root wander into temp and want to see what files are there. If the . occurs in root's path before /bin then typing ls at the shell prompt will execute the malicious command instead. Alternatively, the malicious command could be named mroe, ls-l, caat, lss, or similar in which case a typo on root's behalf would cause it to be executed even if . is the last entry in root's path. Finally, the malicious command may be set to copy /bin/bash to a hidden spot and change permissions of the copy to suid ( -rws---r-x ) so that anyone executing the hidden copy would have root permissions.

 

Continue to:















TOP
previous page: 022.  I removed Linux from my system, but now DOS won't boot because LILO is still there. How do I remove LILO?
  
page up: Brief Linux FAQ
  
next page: 024.  I can't execute my script/program. I can list the file with ls -l and it is there with the correct permissions: