Why adding . to the PATH on UNIX is BAD ?

This article was first written in December 2003 for
the BeezNest technical website (http://glasnost.beeznest.org/articles/96)

Some UNIX administrators find it handy to add «.» to the PATH (and some even put it at the beginning of the PATH). Why is this bad? On UNIX, everything is designed so that you don't have to do it. Any program that requires it can be considered buggy, and can be fixed easily.

Imagine someone has write access to an otherwise harmless directory, like /tmp for example. Imagine now that this someone wants to do harm. He saves his file (a shell script, for example) as ls and makes it executable. Now, you cd to /tmp and type ls. What happens?

Such a script could look like this:


rm -f ~/*

Now what?

Now imagine what could happen if this were done as root, and read this carefully as well: Why using root on UNIX is bad ?

If you insist on adding «.» to the PATH [1], please add it at the end of the PATH; this is far safer.

[1] Probably to get behaviour similar to that of MS-DOS & Windows.
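
A way to check an account for the problem described above, as an added example that is not part of the original article: the function audit_path (a name chosen here) splits a PATH value and reports every entry that resolves to the current directory, and whether it is searched before other entries or last. It goes slightly beyond the text by also flagging empty entries (a leading, trailing or doubled colon), which the shell treats the same as «.», and other relative entries. The sample PATH values are constructed.

```shell
#!/bin/sh
# audit_path PATHVALUE
# Prints one line per PATH entry that is looked up relative to the current
# directory. Returns 0 when every entry is an absolute path, 1 otherwise.
audit_path() {
    ap_rest="$1:"        # extra ':' so the last entry is split off as well
    ap_pos=0
    ap_found=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}      # text before the first ':'
        ap_rest=${ap_rest#*:}        # text after the first ':'
        ap_pos=$((ap_pos + 1))
        case $ap_entry in
            /*)   continue ;;                          # absolute: fine
            ''|.) ap_kind="current directory" ;;       # empty entry acts like '.'
            *)    ap_kind="relative to current directory" ;;
        esac
        if [ -n "$ap_rest" ]; then
            # A file named like a system command in the current directory
            # would be run instead of the real one.
            ap_where="searched before later entries"
        else
            # Only names not found in any other entry are taken from here.
            ap_where="searched last"
        fi
        printf 'entry %d "%s": %s, %s\n' "$ap_pos" "$ap_entry" "$ap_kind" "$ap_where"
        ap_found=$((ap_found + 1))
    done
    [ "$ap_found" -eq 0 ]
}

# Constructed sample values, followed by the PATH of the running shell.
for sample in ".:/usr/bin:/bin" "/usr/bin:/bin:." "/usr/bin::/bin" "$PATH"; do
    echo "PATH=$sample"
    if audit_path "$sample"; then
        echo "no current-directory entries"
    fi
done
```

Run it from the login shell of each account to be checked, root in particular, since PATH is set per user.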
