Quote:
Originally Posted by hcvv
This practice is however not considered to be harmless. Especialy do not add . (current directory) to your PATH in the case of root!
Think of root standing somewhere in a directory being owned by 'some user' (root can go everywhere can't she/he?). And this 'some user' has an executable called ls there. Imagin what would happen if root tried a 'simple' ls there.
|
I believe you are correct, however, if the path is changed so that . is the last directory in the path as I showed, shouldn't the other ls be used first? In other words, doesn't the system just use the first one that comes up in the path, so if multiple executables exist in the path, whichever is listed first in the path is used? It seems to me that in that case, it would not be a security issue since root's path can not be changed by the user. If I am incorrect, please let me know.