Hi guys, new member, sort of new to linux, have a cisco ios background. I have a question about the statement below, I am studying for my LPIC-1 and the following statement is from my book. Specifically I do not understand what the author means by 'root account should normally have a shorter path'
and 'root's path should never include the current directory (./)'


"The root account should normally have a shorter path than ordinary user accounts. Typically, you’ll omit directories that store GUI and other user-oriented programs from root’s path in order to discourage use of the root account for routine operations, thus minimizing the risk of security breaches related to buggy or compromised binaries being run by root. Most important, root’s path should never include the current directory (./). Placing this directory in root’s path makes it possible for a local miscreant to trick root into running replacements for common programs, such as ls, by having root change into a directory with such a program. Indeed, omitting the current directory from ordinary user paths is also generally a good idea. If this directory must be part of the ordinary user path, it should appear at the end of the path so that the standard programs take precedence over any replacement programs in the current directory."

It means that in linux, when typing a command like the shell (bash most likely) will search only your PATH environment for that executable.
This means that even if you are in the directory in which a executable resides, you can't execute it just by typing it's name. To circumvaint this, linux users usually type or You can, however, add the current directory to the path by adding ./ (or simply .) in the PATH environment.. However this is very bad practice for root..

Consider that a tricky user made a malicious script that changed the password of the root account (or does any other thing) and named that program cd or ls and put it in his home folder... Then consider a newby sys-admin that allowed the following PATH for root Now, if he ever founds himself in that users home directory and uses the cd or ls commands, that malicious programs will get executed instead (well, in this exact situation, in a typical system, bash already found cd once in /usr/bin/cd and won't look for it again -- but that's another discussion)

Hope I've cleared things up a little..

1 members found this post helpful.

Thank you Smokey! Feel confident moving on now. That was exactly what I needed.

Just for the sake of completeness and to avoid mistakes, cd is in any case a shell built-in command, no external command for that exists.

1 members found this post helpful.

Well, if I ever knew that, I completely forgot about it.. Thanks Tobi..