LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   Command not found (https://www.linuxquestions.org/questions/linux-general-1/command-not-found-67680/)

weaver2112 06-24-2003 07:21 AM
Command not found
 
Hi, I seem to have a path issue. When I try to run a program through gdb or run an executable I get "command not found" on my Mandrake 8.1 system. If I type "./" I can run the executable. If I go into the root directory and edit the .cshrc file the changes do not adhere. Any suggestions for this simple mind?:confused:

cnjohnson 06-24-2003 07:59 AM
Re: Command not found
 
Quote:
Originally posted by weaver2112
Hi, I seem to have a path issue. When I try to run a program through gdb or run an executable I get "command not found" on my Mandrake 8.1 system. If I type "./" I can run the executable. If I go into the root directory and edit the .cshrc file the changes do not adhere. Any suggestions for this simple mind?:confused:
Is this as root or as a regular user?

BTW, putting your current working directory (i.e., the ".") in your path can be a very bad idea, which is why all linux distros do not do that by default.

Cheers--
Charles

aizkorri 06-24-2003 08:43 AM
If you want your own program in the path you have to add it in your own .cshrc, but if you are using bash it has to be added editing .bashrc.
For example, you can have a bin catalog in your user account that is in the path, if you want to execute your program from everywhere, just copy it there.

log 06-24-2003 08:47 AM
Why is putting . in the path a bad idea?

I cant see any problem with it off the top of my head?

jharris 06-24-2003 09:31 AM
The typical example is say you have . in your path and on a system you administer someone asks you do chown some files that are in their home directory to another user, say user nobody. You do the following
Code:
cd ~theirUsername
chown -R nobody:nobody someDir
But in their directory they have written a script that runs rm -f /etc/passwd /etc/shadow and called it chown. If the . is at the front of your path then you will run their dodgy chown script, not the system chown binary.

cheers

Jamie...

cnjohnson 06-24-2003 09:43 AM
Quote:
Originally posted by log
Why is putting . in the path a bad idea?

I cant see any problem with it off the top of my head?
Linux security has its reasons. :D

You can get away with this as a regular user provided you put :.: at the end of your path. However, never do this to root's path.

Why? Well, the bad guys are really bad. Someone posts a program in tarball or RPM format, it doesn't matter; but it sounds like a great proggy to have so you download it, and you do a configure, make, make install (for the tarball, say). however, unbeknownst to you, it also deposits a keystoke logger daemon named 'ls' in your home directory. Well, later in the day you cd to your home directory and do a simple ls. Guess what happens. You got it, the ls in your home directory is run and not /bin/ls, and all because you had "." in your path before /bin, so the "bad" ls is found first.

If the bad guys are smart, you will get a working ls command and you will never know the difference, but your passwords, credit card numbers, etc. will happily be sent out to the internet someplace. Unless you pay close attention you may find out way too late.

So, my advice is don't do it. If you must, do only for a regular user account, put it at the end of the path, and never, ever, ever (did I say never, ever? :D ) do it for root.

Cheers--
Charles

log 06-26-2003 09:40 PM
Now i see the light, thanks :)


All times are GMT -5. The time now is 04:24 AM.