As an addition to the above, I would suggest putting your executables in the directory bin within your home directory. That directory is by default in your PATH environment variable. From then on you can type
I found that in YAST, the option for adding the ‘dot’ to the user path is supposed to default to YES. For some reason, mine got set to NO. I clicked on the default and everything works now.
Since this is a single user system, the security risk is minimal.
Looking in Yast I do not see any reason this should be a default. The
option is there, both for ‘root’ as well as for other users, but it is
not a default and never should be. If you really want a command to work
as described you should put it in your PATH which could be as simple as
putting it in the ‘bin’ directory within your own user’s home directory.
Having your CWD in your PATH means anytime somebody (as mentioned by
eng-int, including via something from the Internet that you don’t
expect, because that’s how they all are) happens to put ‘ls’ in your
home directory (because you have rights there) and you then run ‘ls’
whatever code is in there will trump the system’s ‘ls’ command and your
user is now compromised, assuming you don’t have system rights in which
case your entire system is gone even though you knew you only ran the
‘ls’ command.
Good luck.
I have been using SuSE/openSUSE since it was SLS, and I cannot recall it ever having these insecure $PATH defaults. This is the Description/Help message from YaST in 11.4 – it’s the same in 11.3:
By default the current working directory is not used when searching for executables.
Some systems set up a work-around by adding the dot (“.”) to the search path, enabling files in the current path to be found and executed. This is highly dangerous because you may accidentally launch unknown programs in the current directory instead of the usual systemwide files. As a result, executing Trojan Horses, which exploit this weakness and invade your system, is rather easy if you set this option.
This setting applies for root user and system users.
If your system is otherwise then it is seriously misconfigured, and should not be trusted until you satisfy yourself as to how it has arrived at that state.
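Added example, not part of any post in this thread: a POSIX shell function that audits a PATH string for the entries discussed above (".", empty entries and relative directories, all of which resolve against the current directory) and, going one step beyond the thread, world-writable directories. The function name `path_findings` and the sample PATH are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit a PATH string for entries that
# let a file in the current directory shadow a system command such as 'ls'.

# path_findings PATHSTRING
# Prints "<position>: <reason>: <entry>" per risky entry.
# Exit status 0 = clean, 1 = at least one finding.
# The body runs in a subshell ( ... ) so its variables stay local.
path_findings() (
    rest="$1:"          # sentinel colon so a trailing empty entry is kept
    pos=0
    found=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        reason=
        case $entry in
            '')  reason='empty entry, searched as the current directory' ;;
            .)   reason='dot, the current directory' ;;
            /*)  # Absolute: flag it only if any user may create files in it.
                 if [ -d "$entry" ] &&
                    [ -n "$(find "$entry" -prune -perm -0002 -print 2>/dev/null)" ]; then
                     reason='world-writable directory'
                 fi ;;
            *)   reason='relative directory, resolved against the current directory' ;;
        esac
        if [ -n "$reason" ]; then
            printf '%s: %s: %s\n' "$pos" "$reason" "$entry"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
)

# Constructed sample: what PATH looks like with "." appended, plus a stray
# trailing colon. A clean PATH prints nothing.
SAMPLE_PATH='/usr/local/bin:/usr/bin:/bin:.:'
path_findings "$SAMPLE_PATH" || echo 'PATH contains risky entries'
```

To check a live session, call `path_findings "$PATH"` from the account whose login scripts you want to verify.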
>
> orrinsam;2397682 Wrote:
>> This is from YAST in 11.3
>>
>> Possible Values: yes,no
>> Default Value: yes
>> Configuration Script: groff
>> Description:
>>
>> Do you want to have “.” in the path for normal users?
>> Defaults to “yes” since this has been the case for years.
>
I can see the same text in yast and I am surprised to see it (started with
S.u.S.E. 16 1/2 years ago in early '95) I cannot remember (am I getting so
old that I can’t remember) that . was ever part of the users default path.
And it is exactly not by default set to yes on any of my systems. So what
will yast tell us here?
–
PC: oS 11.4 64 bit | Intel Core i7-2600@3.40GHz | KDE 4.6.0 | GeForce GT 420
| 16GB Ram
Eee PC 1201n: oS 11.4 64 bit | Intel Atom 330@1.60GHz | KDE 4.7.2 | nVidia
ION | 3GB Ram
If Yast ever says that, it’s wrong. I too am looking on OpenSUSE 11.3
under ‘Security and Users’ and then under ‘Local Security’ and finally
in the ‘Miscellaneous Settings’ area. The help information there does
not state this is/was a default at any time, and also outlines some of
the security considerations.
Regardless of what is being read, the fact is that this option is erring
on the side of foolishness; use at your own peril despite better
alternatives such as your own user’s ‘bin’ directory.
Good luck.
> If Yast ever says that, it’s wrong. I too am looking on OpenSUSE 11.3
> under ‘Security and Users’ and then under ‘Local Security’ and finally
> in the ‘Miscellaneous Settings’ area. The help information there does
> not state this is/was a default at any time, and also outlines some of
> the security considerations.
>
Look at
yast → system → /etc/sysconfig editor → system → suseconfig →
cwd_in_user_path
to see it.