
28.9 Security Loopholes

28.9.8 PATH

Neither your executable path nor root's should contain ".", i.e. the present directory. It should contain only directories that are known to be secure. For example, a PATH such as

PATH=.:/bin:/usr/bin:/usr/ucb

will first check the present directory for the specified file. If a user puts an executable file with a common name, e.g. "ls", in /tmp, then typing "ls" while in /tmp will execute their command, /tmp/ls.

Some people advocate putting "." at the end of your PATH. That's not sufficient, especially if you're prone to typing mistakes: a mistyped command, e.g. mroe instead of more, will not be found in any of the system directories, but a thoughtful cracker could have one lying in wait for you.
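
A way to check a PATH for these problems, as an added example that is not part of the original text: the function name audit_path and its output format are made up for this illustration. It goes a little beyond the text by also flagging empty entries (which the shell searches as the current directory), relative entries, and world-writable directories such as /tmp.

```shell
#!/bin/sh
# Added example: audit a PATH string for the entries the text warns about.
# audit_path and its output format are constructed for this illustration.

# audit_path PATHSTRING
# Prints one line per unsafe entry; exit status 0 if clean, 1 otherwise.
# The body runs in a subshell so its variables do not leak to the caller.
audit_path() (
    rest="$1:"        # trailing ':' so the loop also sees a final empty entry
    n=0
    status=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}     # text before the first ':'
        rest=${rest#*:}       # everything after it
        n=$((n + 1))
        case $entry in
            '')  reason='empty entry (searched as the current directory)' ;;
            .)   reason='current directory' ;;
            /*)  reason=''
                 # Absolute path: unsafe if anyone can drop files into it.
                 # -L follows symlinks; char 9 of the mode string is "other write".
                 case $(ls -ldL "$entry" 2>/dev/null) in
                     d???????w*) reason='world-writable directory' ;;
                 esac ;;
            *)   reason='relative path (resolved against the current directory)' ;;
        esac
        if [ -n "$reason" ]; then
            printf 'entry %d: "%s": %s\n' "$n" "$entry" "$reason"
            status=1
        fi
    done
    exit "$status"
)

# The PATH from the text above, then the same list with "." moved to the end.
audit_path '.:/bin:/usr/bin:/usr/ucb' || true
audit_path '/bin:/usr/bin:/usr/ucb:.' || true
```

Run it against root's PATH as well as your own, e.g. audit_path "$PATH" from each account.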


Unix System Administration - 8 AUG 1996