LinuxQuestions.org - This is an security concern? Then why is it defualt in Slack 8.1?

- Slackware (https://www.linuxquestions.org/questions/slackware-14/)

- - This is an security concern? Then why is it defualt in Slack 8.1? (https://www.linuxquestions.org/questions/slackware-14/this-is-an-security-concern-then-why-is-it-defualt-in-slack-8-1-a-84036/)

This is an security concern? Then why is it defualt in Slack 8.1?

Hello all. I'm using something called the advanced Bash-Scripting Guide to learn some stuff. The guide say's:

Quote:

[3] Why not simply invoke the script with scriptname? If the directory you are in ($PWD) is where scriptname is located, why doesn't this work?
This fail's because for security reason's, the current directory ,"." is not included in a user's $PATH, it is therefore necessary to explicitly invoke the script in the current directory with a ./scriptname.

We'll, i was wondering why my system could do this, invoke the script with 'scriptname', i looked in '/etc/profile'
and sure enough the line:

Code:

# For non-root users, add the current directory to the search path:

if [ ! "`id -u`" = "0" ]; then

 PATH="$PATH:."

fi

So should my system be changed, or should the book be fixed..is this a security problem? (assuming the book is referring to non-root)
Humbled by any reply's, Tart's.

well it should not be a security concern for non root users (even if they are in /, what can they do bad since they have no right?), but some paranoiac people may want to remove this small "." so they can avoid some slight problem (like an evil programs removing your user's home).

Ummm, i guess i shouldn't believe everything i read. This wouldn't be an issue if i knew more about linux. Thank's for the reply!