Re: Avoiding to type "./" before command if in same directory ?



"AZ" == AZ Nomad <aznomad@xxxxxxxxxxxxxx> writes:

AZ> On Sat, 03 Jun 2006 18:18:48 +0100, Robert Hull
AZ> <Robert@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>> Unless you have a less than perfect firewall set up, or you
>> have missed a security patch on any software that runs on your
>> machine, or you have done anything else that means that your
>> security is not 100.0%

AZ> Can you name one case of that happening? If somebody has
AZ> broken into your machine, why would they put in a trick 'ls'
AZ> on your account to damage your user files? They just go ahead
AZ> and do the damage without messing with trick executables in
AZ> your home directories.

How about this: a hacker discovers a ??? hole in Apache, and exploits it
to gain shell access to your machine. But fortunately, Apache's httpd
only runs as "nobody", and hence he can only get the permissions of
"nobody". Now, he installs a fake "ls" script under /tmp and makes it
executable. You "cd tmp; ls". Haha... The fake "ls" script then
(running with the permissions of your user account) monitors your
keyboard activities and sends them out to somewhere that the hacker can
examine.


Take the advice. Treat "." in PATH as a *bad habit*. That's the wisdom
of Unix users and sys admins accumulated over the past decades. It's
unwise to ignore others' experience.


--
Lee Sau Dan 李守敦

E-mail: danlee@xxxxxxxxxxxxxxxxxxxxxxxxxx
Home page: http://www.informatik.uni-freiburg.de/~danlee
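
A defensive check for the habit discussed in this thread, added here as an example and not part of any poster's message: a POSIX sh function that flags PATH entries which make the shell search the current directory. It goes slightly beyond the thread by also flagging empty entries (a leading, trailing or doubled ":"), which shells treat like ".", and other relative entries; the function name `audit_path` is an assumption of this example.

```shell
#!/bin/sh
# audit_path [PATH-string]  (hypothetical helper name, not a standard tool)
# Lists entries that make the shell search the current working directory
# (or another relative location) for commands. Defaults to $PATH.
# Prints one finding per line; returns 1 if any were found, 0 otherwise.
# Typical use: audit_path "$PATH"
audit_path() {
    rest="${1-$PATH}:"      # trailing ':' so the last field is processed too
    pos=0
    bad=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ':'
        rest=${rest#*:}     # drop that field and its ':'
        pos=$((pos + 1))
        case $entry in
            '')
                # "::", a leading ':' or a trailing ':' all yield an empty field
                echo "entry $pos: empty (treated as the current directory)"
                bad=1 ;;
            .)
                echo "entry $pos: '.' (current directory)"
                bad=1 ;;
            /*)
                ;;          # absolute path: not a concern for this check
            *)
                echo "entry $pos: '$entry' is relative to the current directory"
                bad=1 ;;
        esac
    done
    return $bad
}
```
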