LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-07-2007, 09:49 PM   #1
SlowCoder
Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Fedora (Desktop), CentOS (Server), Knoppix (Diags)
Posts: 934

Rep: Reputation: 38
Why the './' to execute files?


Ok, I understand the technical "WHY" we need to use './executable' to execute a program in the current directory. It has to do with the PATH variable. However, strategically, WHY was Linux built to require it for local path execution?
 
Old 03-07-2007, 10:04 PM   #2
docalton
Member
 
Registered: Dec 2002
Location: St Louis, MO
Distribution: Arch Linux
Posts: 99

Rep: Reputation: 15
Here is my opinion.

It was done help the system admins to avoid executing user programs named identically to system commands. Here is an example:

Joe user write a shell script named "ls" in his home directory that contains:

unalias rm
rm -R /* > /dev/null 2>/dev/null

* there could be a typo in here....

Now he makes it executable

Silly admin sees something strange, so he goes into his directory and types ls.

If the current working directory is listed perhaps before /bin.... WOW... silly admin now has wiped the systems. If its not in the path, then it just executes the /bin/ls command that does what he expects.

Once again... my opinion
 
Old 03-07-2007, 10:12 PM   #3
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 356Reputation: 356Reputation: 356Reputation: 356
docalton is right, it is for security purposes. While it is acceptable for normal user accounts, it's very bad for root, so to be safe many distributions don't add "./" to the path at all.

The concept goes a bit like this:

Let's say the root user has "./" in his path. Let's also say somebody else who has access to the machine wants to do some damage or elevate his privileges.

What he could do would be to go into a directory he has write access to, for example /tmp, and create a script that has the same name as a common command, like "ls". The script could do whatever he wants; setup a copy of /bin/bash setuid root in their home directory, delete everything on the drive, etc. Then it would just execute the actual command it is named after so when it is run nothing seems amiss. The script would be run by root, so it would be able to do anything.

Then all he has to do is fill /tmp with some random garbage files, large enough to warrant attention. The root user goes into /tmp to see what is going on, logically runs "ls" to see the files, and oh boy, we are rooted.
 
Old 03-07-2007, 10:27 PM   #4
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,965

Rep: Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530
When a command is entered at the prompt the shell only searches the path environment for a directory containing the desired file. Windows looks in the current working directory first and if the file was not found then searches the path environment. As already stated it is for security reasons.

./ is just a shortcut for the current working directory. One can always type the entire path to execute any command.
 
Old 03-08-2007, 04:56 PM   #5
SlowCoder
Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Fedora (Desktop), CentOS (Server), Knoppix (Diags)
Posts: 934

Original Poster
Rep: Reputation: 38
Wow ... Those are some excellent examples for this reasoning. Thanks for the lesson! Now that I understand that, I'm thinking MS has yet another hole to close ... hehe.
 
Old 03-08-2007, 10:04 PM   #6
gregorian
Member
 
Registered: Apr 2006
Posts: 509

Rep: Reputation: 34
One more question. If I included . in my PATH variable, and I typed ls, how would the computer know which 'ls' to execute?

I tried it with a shell script, and it executed the one in the bin directory. I guess nothing is wrong with adding . to your PATH. It looks like there is some sort of precedence order. If that is the case, what is it?

Last edited by gregorian; 03-08-2007 at 10:17 PM.
 
Old 03-08-2007, 10:20 PM   #7
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 356Reputation: 356Reputation: 356Reputation: 356
As docalton said earlier, it is done in sequential order based on the $PATH environment variable.

Or in other words, if your $PATH was:

Code:
/usr/local/bin:/usr/bin:/bin:/usr/X11/bin:/usr/games:/usr/lib/java/bin
A program located in /usr/local/bin would be executed before one in /usr/games even if they had the same name.

So if you had ./ or . last, then it would run the normal "ls" command. But if you had it first, then it would run a local file named "ls" first.
 
Old 03-08-2007, 10:30 PM   #8
docalton
Member
 
Registered: Dec 2002
Location: St Louis, MO
Distribution: Arch Linux
Posts: 99

Rep: Reputation: 15
Also on a side note to this.

The command "which" will tell you which actual program it would execute.

So. if you typed in: which ls
the result would/should be /bin/ls

If you used the following command in bash

export PATH=./:$PATH

and made a silly ls script (make it executable)

Then type in which ls

it would return .//ls denoting that it was running the ls script in the current directory

However: If you did export PATH=$PATH:./ then which ls should return /bin/ls because the first ls was found in /bin


The which command can be usful.

Hope this helps
 
Old 03-09-2007, 02:09 AM   #9
Electro
LQ Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
It is easier to execute programs using absolute paths instead as relative paths. If relative paths are used, there is no way of knowing where the program came from. When using absolute paths, anybody can know where the program came from.

Quote:
Originally Posted by michaelk
./ is just a shortcut for the current working directory. One can always type the entire path to execute any command.
The ./ does not mean current work directory. The . is a short cut for the current working directory. The / makes the path complete. Of course a user can type .configure and run a program that produced different results than what is intended.

Example:
Assuming current working directory is /home/dumbo/tmp. Dumbo mistype ./silly by typing .silly. Dumbo had a script called tmpsilly located in /home/dumbo. It ran /home/dumbo/tmpsilly instead of /home/dumbo/tmp/silly.

Double check your commands before hitting enter or else you could be a dumbo.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how can i execute applications with SH files ? HalkEkmek Ubuntu 1 02-16-2006 02:27 PM
AIX: cannot execute binary files felixweimann AIX 2 11-19-2004 02:40 PM
Cannot execute executable files without ./ brady9953 Linux - Newbie 3 10-13-2003 04:19 PM
can't execute the .exe and .tar.gz files Vieux Linux - General 12 12-01-2002 06:36 PM
normal user can't execute files in cd..? doublefailure Linux - Hardware 0 09-11-2002 02:04 AM


All times are GMT -5. The time now is 02:43 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration