On Fri, Jul 13, 2001 at 04:57:14PM -0400, Daniel Patrick Berdine wrote:
| The Redhat machine I use at work seems to include ./ in the PATH
| variable, I can always run executables from my current directory
| without using ./ like on my home debian system. This has always seemed
| more convenient to me and I wondered why Debian doesn't do this until I

It's up to you whether you want it or not.

| read that it is considered a security flaw. Is this always so? Is
| there a way to enable this without compromising security?

Sure it's a "flaw": suppose someone creates an executable trojan in "the current directory" named 'cd'. If '.' is the first thing in the path you will execute the trojan rather than the usual /bin/cd.

A similar thing happened at school one time, but it wasn't a security issue. The professors had a lab which included a program called 'test'. We (the students) were supposed to run it with certain arguments and observe the results (or time it or something like that). It turned out that csh people had no problems. bash users, however, kept getting weird results and error messages that had nothing to do with the lab. Eventually someone realized that 'test' is a builtin in bash so when people ran "test" they were not running the sample program the staff had provided. Using csh or, after the cause was known, using './test' in bash would solve the problem.

If you want to have '.' in the PATH, go for it. Just be aware of what is in '.' that is executable.

-D
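
A way to check both points from the message above, added here as an example and not part of the original post: the first function flags PATH entries that resolve to the current directory, the second lists executables in a directory whose names are already taken by the shell or by a PATH directory. It goes slightly beyond the message by also flagging empty PATH entries, which the shell searches as '.'; the function names and the scratch directory are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a PATH string.

# Print "position:entry" for each PATH entry that is not an absolute directory.
# '.' is the obvious case; an empty entry (leading or trailing ':', or '::')
# is also searched as the current directory.
risky_path_entries() {
    rpe_rest="$1:"; rpe_i=0        # trailing ':' so the last entry is split off too
    while [ -n "$rpe_rest" ]; do
        rpe_e=${rpe_rest%%:*}; rpe_rest=${rpe_rest#*:}; rpe_i=$((rpe_i + 1))
        case $rpe_e in
            '') echo "$rpe_i:<empty>" ;;
            /*) ;;                                # absolute directory
            *)  echo "$rpe_i:$rpe_e" ;;           # '.', './', 'bin', ...
        esac
    done
    return 0
}

# For each executable file in directory $1, report whether its name is already
# taken by the shell itself (builtin, keyword) or by an absolute directory in
# the PATH string $2. For these names, what runs depends on lookup order.
colliding_names() {
    for cn_f in "$1"/*; do
        if [ ! -f "$cn_f" ] || [ ! -x "$cn_f" ]; then continue; fi
        cn_name=${cn_f##*/}
        # With an unusable PATH, command -v can only find what the shell provides.
        if (PATH=/nonexistent; command -v "$cn_name") >/dev/null 2>&1; then
            echo "$cn_name builtin"; continue
        fi
        cn_rest="$2:"
        while [ -n "$cn_rest" ]; do
            cn_d=${cn_rest%%:*}; cn_rest=${cn_rest#*:}
            case $cn_d in /*)
                if [ -x "$cn_d/$cn_name" ]; then echo "$cn_name $cn_d/$cn_name"; break; fi ;;
            esac
        done
    done
    return 0
}

# Constructed demo: a scratch directory stands in for '.', holding a lab program named 'test'.
demo=$(mktemp -d); printf '#!/bin/sh\necho lab program\n' > "$demo/test"; chmod +x "$demo/test"
risky_path_entries ".:/usr/bin:/bin:"
colliding_names "$demo" "/usr/bin:/bin"
rm -rf "$demo"
```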