RE: how to execute an excutable file | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
hi thanks Michael and Rick for this wonderful illustration. > > > Hi, > > > why shouldn't current working directory be in the PATH?? > > > > > > Narendra > > > > > > > This is more important for the 'root' user as opposed to regular users but I > > guess one could advise it for all users. > > > > It's to avoid a security risk called a Trojan Horse. A Trojan Horse is an > > executable that has the same name as a standard Linux/Unix system command > > but does something completely different. > > > > Say you're in the 'tmp' directory (or any publicly accessible directory) and > > an unknown user has created a program called 'ifconfig' in that directory. > > You, as root, would like to execute the 'ifconfig' command while in the tmp > > directory. If '.' is in the path before /sbin is, you will inadvertently > > execute the 'ifconfig' command in the tmp directory. That ifconfig command, > > run as the root user, can do anything it wants, even give root permissions > > to any other user. > > > > That is why the 'root' user should only have well-defined system directories > > in its path, and definitely not directories that are publicly-accessible. > > Since '.' can point to anything, it should never be in the path. > > > > Variants of this idea can also apply to all users. > > Good example, Michael. > > ---------------------------------------------------------------------- > - Rick Stevens, Principal Engineer rstevens@xxxxxxxxxxxxxxx > - - VitalStream, Inc. > http://www.vitalstream.com - - > - - To iterate is human, > to recurse, divine. - > ---------------------------------------------------------------------- > > _______________________________________________ > Redhat-install-list mailing list > Redhat-install-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/redhat-install-list > To Unsubscribe Go To ABOVE URL or send a message to: > redhat-install-list-request@xxxxxxxxxx > Subject: unsubscribe Narendra Kumar PhD Scholar Bioinformatics Center National Institute of Immunology Aruna Asaf Ali Marg New Delhi-110067 Telephone Numbers (EPABX): 26717121 to 26717145, Ext:724 Fax : 91-11-26162125 & 91-11-26177626 _______________________________________________ Redhat-install-list mailing list Redhat-install-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/redhat-install-list To Unsubscribe Go To ABOVE URL or send a message to: redhat-install-list-request@xxxxxxxxxx Subject: unsubscribe
[Home] [Fedora Users] [Red Hat General] [Red Hat Watch List] [Red Hat Development] [Samba List] [Kernel List] [Kernel Newbies] [Hot Springs] [Yosemite News]