LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-28-2007, 10:37 AM   #1
uncle-c
Member
 
Registered: Oct 2006
Location: The Ether
Distribution: Fedora 14, Ubuntu , Slax 5.1.8, OpenSolaris, Centos 4.8
Posts: 296

Rep: Reputation: 30
Script execution and $Path query.


Hi there,
There is something which has always puzzled me regarding scripts and I wonder if anyone would kindly take the time to explain this.
I have a script called example.script I make this executable by chmod u+x example.script. So why does the script only execute when I type ./script.example and not when I type in just the script name (even when I am in the script's home directory) ? Does bash not look in in the current directory first prior to searching the $Path for the said executable ?
I am sure that on some unix systems I could run a script ( if it was in my current directory) just by typing its name even though its location was not in the $PATH .

Thanks again,
Uncle.
 
Old 11-28-2007, 10:56 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
It is because the path "." isn't present. Doing so would be a security risk. Especially if your /tmp directory isn't on its own partition with the noexec option.
 
Old 11-28-2007, 11:04 AM   #3
mmatt
Member
 
Registered: Nov 2005
Location: UK
Distribution: archlinux
Posts: 90

Rep: Reputation: 19
Good question

I think in some shells you may be right. For example I *think* the Solaris machines I sometimes use allow that. But in Bash I've always found the ./ necessary for items that aren't in $PATH. There may be a way to change this , but it would probably be more effort than just typing ./ when you want to run a script.

In many distributions, $HOME/bin is in path, so perhaps storing them there will add this functionality for you. If not, you can add it yourself in $HOME/.bashrc by adding (or maybe creating the file with)

export PATH=$HOME/bin:$PATH

mmatt
 
Old 11-28-2007, 11:29 AM   #4
uncle-c
Member
 
Registered: Oct 2006
Location: The Ether
Distribution: Fedora 14, Ubuntu , Slax 5.1.8, OpenSolaris, Centos 4.8
Posts: 296

Original Poster
Rep: Reputation: 30
Thanks for the explanation guys. MMatt I was using Solaris a long time ago and that is from where this quirk probably arose.
Quote:
It is because the path "." isn't present. Doing so would be a security risk. Especially if your /tmp directory isn't on its own partition with the noexec option.
Jschiwal, I remember reading about this in a Unix Security Checklist. Could you kindly explain this ?? What would be the nightmare scenario ?

Thanks again !

Uncle

Last edited by uncle-c; 11-28-2007 at 11:36 AM.
 
Old 11-28-2007, 06:33 PM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
The /tmp directory is world writable. It has the sticky bit set so that one user can't delete another users files. Imagine that the /tmp directory is getting full and you enter it as root to delete files there. If a regular user created a program by the same name as "ls" or "rm" that would also install a root kit, then you would be toast just from listing the files. The fake ls command might call the real one so you wouldn't notice, and might in the background install it's own version's of "ls" and "ps" to hide it's presence. Another trick is to name a program after a common misspelling like cd.. .
If you had "." in your path it might run the command from the local directory by mistake. This may even be done by a background script if the CWD is /tmp.

I read where a company was touting their system as super-secure at a trade show. A kid saw that "." was in the PATH and guessed correctly that that was the case for ROOT as well. He wrote something in /tmp and then came back later asking the salesman a question that required the salesman to list files in /tmp. The salesman did this as root. The kid wasn't malicious in what he wrote in the ten seconds or so he was on the machine. I think it simply cleared the screen and put up a false message about formatting the hard drive.

This may also be the oldest hack on Unix as well. If you used a machine and "." was in the path, it was probably added by a lazy admin for convenience. I bet that the root users PATH variable wasn't like that however. Even so, if as a regular user you cd to any world writable directory, or even if a GUI program launches with a world writable directory as it's CWD, you could have your own files trashed. An OS is easy to replace by reinstalling. Your data might not be.
 
Old 11-29-2007, 05:05 AM   #6
uncle-c
Member
 
Registered: Oct 2006
Location: The Ether
Distribution: Fedora 14, Ubuntu , Slax 5.1.8, OpenSolaris, Centos 4.8
Posts: 296

Original Poster
Rep: Reputation: 30
Many thanks jschiwal. You have made things crystal clear !!!

All good wishes,
Uncle-C
 
Old 12-02-2007, 10:28 AM   #7
mmatt
Member
 
Registered: Nov 2005
Location: UK
Distribution: archlinux
Posts: 90

Rep: Reputation: 19
Useful Knowledge

Thanks jschiwal, I've learnt my something new for the day.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache path/execution problem Seventh Linux - Software 5 12-15-2009 07:31 AM
Query regarding execution of script after X Terminal loads arun.tayal Linux - Newbie 4 10-12-2007 02:53 PM
program execution path debugger? (C++) Thinking Programming 3 02-23-2006 05:16 PM
How do I Set MySQL Max Query Execution Time? farmerjoe Linux - General 1 01-26-2005 02:12 PM
query reg path dogma Linux - Newbie 1 06-08-2003 10:09 AM


All times are GMT -5. The time now is 10:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration