> > > "Helge Hafting" wrote: > > > You don't have "." in your path, so files are *not* considered executable > > just because they are in the *current* directory. > > > > This is a security feature. (Some user could make a nasty script called > > "ls" or similiar in his home directoy. If you try to look at his files > > with ls the nasty script is invoked instead.) > > > > Ways of solving the problem: > > > > 1. Create ~/bin and add that to your path. > > This works well and has no security problems. > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > If some user is capable of putting a fake `ls' in a random directory where > you might trip on it, that user is far more likely to put it in your ~/bin > directory! (Same privileges are required)
If you set your ~/bin directory writable for anyone but yourself, you get what you deserve. If someone has root permissions, you cannot defend yourself against their malicious attacks anyway. `Random' directories where trojan scripts are likely to live are /tmp, /var/spool/* and the like. Eric -- E.L. Meijer ([EMAIL PROTECTED]) | tel. office +31 40 2472189 Eindhoven Univ. of Technology | tel. lab. +31 40 2475032 Lab. for Catalysis and Inorg. Chem. (TAK) | tel. fax +31 40 2455054
