Quoting Petter Adsen (pet...@synth.no):
> PS: What _are_ the security implications of having a PATH set to
> "/foo/bar:"?

man bash:

PATH   The search path for commands.  It is a colon-separated list  of
       directories  in  which the shell looks for commands (see COMMAND
       EXECUTION below).  A zero-length (null) directory  name in  the
       value of PATH indicates the current directory.  A null directory
                               ^^^^^^^^^^^^^^^^^^^^^
       name may appear as two adjacent colons,  or  as  an initial  or
       trailing  colon.   The  default path is system-dependent, and is
       set by the administrator who installs bash.  A common value  is
       ``/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin''.

And to spell out the dangers of that, consider:

$ cd /home/evilperson/malicious-programs/
$ emaca      (oops, I mistyped emacs. Funny, why are my files disappearing?)
             (oh dear, their file "emaca" contains rm -f ~/*)

or, if the colon is at the start of PATH:

$ date       (Funny, why...?)
             (oh dear, their file "date" is a symlink to emaca)

$ ls -1 /home/evilperson/malicious-programs/
date
emaca
...
$

Cheers,
David.
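
A check for the null-entry cases in the man page excerpt above, as an added example that is not part of the original post. The function name audit_path and its output format are assumptions made here, and it also flags "." and other relative entries, which goes slightly beyond the quoted text.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one line per PATH entry that makes the shell search the current
# directory (or some other relative location). Returns 1 if any were found,
# 0 if every entry is an absolute directory.
audit_path() {
    # Appending ":" lets the loop see a trailing null entry; without it
    # "/foo/bar:" and "/foo/bar" would split into the same single entry.
    rest="$1:"
    pos=0
    bad=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}    # text before the first colon
        rest=${rest#*:}      # text after the first colon
        pos=$((pos + 1))
        case $entry in
            '')  # leading colon, trailing colon, or two adjacent colons
                 echo "$pos: null entry (current directory)"; bad=1 ;;
            .)   echo "$pos: '.' (current directory)"; bad=1 ;;
            /*)  ;;  # absolute directory: not a concern for this check
            *)   echo "$pos: relative directory '$entry'"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample input: the PATH value from the question above.
audit_path "/foo/bar:" || echo "PATH searches the current directory"
```

To audit the live environment, call it as audit_path "$PATH".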

