Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!wuarchive!udel!haven!adm!smoke!gwyn
From: gwyn@smoke.brl.mil (Doug Gwyn)
Newsgroups: comp.unix.questions
Subject: Re:
Message-ID: <15298@smoke.brl.mil>
Date: 22 Feb 91 19:21:55 GMT
References: <1991Feb22.004010.13359@zip.eecs.umich.edu>
Organization: U.S. Army Ballistic Research Laboratory, APG, MD.
Lines: 22

In article <1991Feb22.004010.13359@zip.eecs.umich.edu> bguthy@amazon.eecs.umich.edu (Bala S. Guthy) writes:
>Hello, I remember when I first learnt Unix, the instructor said,
>that "." should never be the first thing in one's $path. It had
>something to do with a security hole in Unix. Does anyone know
>what and if there is any disadvantage to having "." as the first
>entry in $path.

It's not a "security hole in UNIX", it's just an unwise policy
for most people since it allows them to unwittingly stumble upon
Trojan horse traps that malicious persons might have planted.
For example,
    echo 'rm -rf $HOME' > /tmp/ls
    chmod +x /tmp/ls
plants a trap such that anyone who has "." before "/bin" in his
$PATH could rue the day that he did the following:
    cd /tmp
    ls
It is also possible to have problems with this even if no malicious
intent is present.

To invoke a program located in the current working directory, type
    ./program_name
which works as desired even if "." is not in your $PATH at all.
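
Added example, not part of the original post: a POSIX sh check that reports every $PATH entry which makes the shell search the current directory, and whether it is searched before /bin as in the case described above. The function name audit_path, the choice of /bin and /usr/bin as the system directories, and the sample PATH value are assumptions made for this example. Besides ".", it also flags empty entries (a leading, trailing or doubled ":") and other relative entries, which are resolved against the current directory in the same way.

```shell
#!/bin/sh
# audit_path PATHSTRING  (hypothetical helper name, added for illustration)
# Prints one line per entry that resolves relative to the current
# directory. Returns 1 if any such entry exists, 0 otherwise.
audit_path() {
    rest="$1:"        # extra ':' keeps a trailing empty entry visible
    pos=0
    bad=0
    seen_sys=0        # becomes 1 once /bin or /usr/bin has been passed
    while [ -n "$rest" ]; do
        entry=${rest%%:*}     # text up to the first ':'
        rest=${rest#*:}       # remainder after that ':'
        pos=$((pos + 1))
        case $entry in
            /bin|/usr/bin) seen_sys=1; continue ;;
            /*) continue ;;   # other absolute paths: not this check's concern
            '') what="empty entry (current directory)" ;;
            .)  what="'.' (current directory)" ;;
            *)  what="relative entry '$entry'" ;;
        esac
        bad=1
        if [ "$seen_sys" -eq 0 ]; then
            # A file named ls, cat, ... in the cwd wins over the real one.
            echo "$pos: $what is searched before /bin"
        else
            echo "$pos: $what is searched after /bin"
        fi
    done
    return "$bad"
}

# Constructed sample value matching the situation in the post.
audit_path ".:/bin:/usr/bin" || :
```

To check a live session, call `audit_path "$PATH"` and treat a non-zero return as a finding.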