LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 08-20-2003, 10:53 PM   #1
Tarts
Member
 
Registered: Feb 2003
Distribution: Slackware 9.1 (exclusively) ;)
Posts: 344

Rep: Reputation: 30
This is an security concern? Then why is it defualt in Slack 8.1?


Hello all. I'm using something called the advanced Bash-Scripting Guide to learn some stuff. The guide say's:
Quote:
[3] Why not simply invoke the script with scriptname? If the directory you are in ($PWD) is where scriptname is located, why doesn't this work?
This fail's because for security reason's, the current directory ,"." is not included in a user's $PATH, it is therefore necessary to explicitly invoke the script in the current directory with a ./scriptname.
We'll, i was wondering why my system could do this, invoke the script with 'scriptname', i looked in '/etc/profile'
and sure enough the line:
Code:
# For non-root users, add the current directory to the search path:
if [ ! "`id -u`" = "0" ]; then
 PATH="$PATH:."
fi
So should my system be changed, or should the book be fixed..is this a security problem? (assuming the book is referring to non-root)
Humbled by any reply's, Tart's.

Last edited by Tarts; 08-20-2003 at 11:02 PM.
 
Old 08-20-2003, 11:02 PM   #2
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 45
well it should not be a security concern for non root users (even if they are in /, what can they do bad since they have no right?), but some paranoiac people may want to remove this small "." so they can avoid some slight problem (like an evil programs removing your user's home).
 
Old 08-20-2003, 11:06 PM   #3
Tarts
Member
 
Registered: Feb 2003
Distribution: Slackware 9.1 (exclusively) ;)
Posts: 344

Original Poster
Rep: Reputation: 30
Ummm, i guess i shouldn't believe everything i read. This wouldn't be an issue if i knew more about linux. Thank's for the reply!

Last edited by Tarts; 08-20-2003 at 11:08 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
A security concern! Please advise! vharishankar General 5 11-30-2004 10:05 AM
Tweaking Slack security moger Slackware 6 06-27-2004 09:35 AM
how to set security options in Slack 9.1 Nappa Slackware 1 01-15-2004 06:18 AM
Slack 9 firewall/security? Manx_UK Slackware 10 06-06-2003 04:14 PM
Security concern linuxRules Linux - General 3 05-22-2002 01:23 PM


All times are GMT -5. The time now is 08:49 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration