Re: help adding start and shutdown script

Matthäus Banach wrote:
Hi Vic,

Vic wrote:

Don't do this...

Part of your security comes from the fact that all commands come from
known places in the filesystem, regardless of where you might currently
be sat. So if you were to pick up something nasty, it could not be
executed accidentally unless it manages to get into a directory on
$PATH; as these are often only writable by root, there's a strong chance
that won't happen.

As soon as you put "." on your path, the commands you type can be
overridden by malware, and strange and wonderful things can result
(although they're unlikely to be pleasant things).


I agree with that. I, personally, wouldn't do it on my own computer. But: If you put "." as the last entry into your $PATH variable, all other directories in your searchpath override executables that reside in the current directory. So the risk is not as big, as it seems at first.

But, to tell it once again: I do not recommend this, if you don't want malware to be theoretically able to override often used commands like "ls", "cd" etc. by placing an executalbe with the same name into a commonly used folder.

And: NEVER DO THAT TO THE ROOT ACCOUNT.

If you want your script to be in path, put it in path. Don't bend path
to meet your script. Copy it into, for example, /usr/local/bin/ and be
done with it.


My alternative: place a symlink in /usr/local/bin.


HTH

Vic.



Matthäus
I created symlinks for the start_net and stop_net scripts in /usr/local/bin. The stop_net script will now execute without typing './' . However the start_net symlink won't work as the file it points to references a /src and /include directory. It gives following error:

Module not found or not readable.
Have you built it? This script expects it to be at .../src/acx_pci.[k]o, relative o the script's location. Bailing...

.

Relevant Pages

  • Re: help adding start and shutdown script
    ... Part of your security comes from the fact that all commands come from ... as the last entry into your $PATH variable, all other directories in your searchpath override executables that reside in the current directory. ... But, to tell it once again: I do not recommend this, if you don't want malware to be theoretically able to override often used commands like "ls", "cd" etc. by placing an executalbe with the same name into a commonly used folder. ...
    (linux.redhat)
  • [SLE] iproute2 (the solution)
    ... commands ARE working though! ... Subject: iproute2 2 ... The problem was indeed in the cbq script. ... IP executables! ...
    (SuSE)
  • =?ISO-8859-1?Q?New_System_Command_Script_Facility?=
    ... I'm currently finished writing a new replacement command script processor ... (at least that RACF thinks so, and better support for non-RACF sites). ... The IF-type commands now have ELSE processing ... non-scroll highlighted console message and BEEP until a specific JOB or TASK ...
    (bit.listserv.ibm-main)
  • Re: Command Line Interface
    ... >> should accept system commands only for an administrator. ... >> how should I supress the bash shell and launch my custom CLI ... > The script could run in a restricted shell and offer a menu of ... account, and either 1) change account password, 2) ...
    (comp.os.linux.misc)
  • Net::Telnet and SMTP
    ... I'm trying to send a sequence of commands and then log both the ... I've included the script and a sample text file (that feeds the scripts ... sub processfile { ... #Try a short delay between sending command and reading output ...
    (comp.lang.perl.misc)