Re: Why executable?

Thu, 14 Aug 2003 16:49:43 -0700 

--- Ovid <[EMAIL PROTECTED]> wrote:
> And as a word of caution, some like to add '.' to their path in order to
> save typing an extra two
> letters ('./' in front of the file name).  Don't do this, though, as this
> is a major security
> hole.

It depends on the flavor or Unix you are using.  Also, if you are not running
as root, there is no harm done.

The './' simply tells Unix to explicitly use this file, don't look anywhere
else.  If there was another one in your path, it might use that one instead,
hence the risk you are referring to.  Again, this DOES depends on what flavor
of *nix you are using.

> Using google to search for 'current directory path linux security hole' for
> many examples of this
> hole.

One of the links said never to use "find .... -exec rm -f" since 'rm' does
not follow symlinks.  Again, this depends on what flavor you are using....
I'm currently on an HP-UX, and have used Solarias 8.x, AIX, and SysV5.... I
don't remember this being a problem.  It COULD be a problem with Linux though
-- I can't speak to that.

> Cheers,
> Ovid


-JW

> --- fliptop <[EMAIL PROTECTED]> wrote:
> > On Mon, 11 Aug 2003 at 22:36, Octavian Rasnita opined:
> > 
> > [snip]
> > OR:I've tried chmodding the perl script to 755, and I've tried running it
> > OR:with:
> > OR:
> > OR:$ script.pl
> > OR:
> > OR:...but it didn't want to run, telling me that there is no command
> > OR:script.pl, even though the script has a shebang line in it.
> > 
> > you may want to try it again by specifying './script.pl' because if the 
> > directory '.' is not in your PATH, it won't find the file.
> > 
> > 
> > -- 
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > 
> 
> 
> =====
> Silence is Evil           
> http://users.easystreet.com/ovid/philosophy/indexdecency.htm
> Ovid                       http://www.perlmonks.org/index.pl?node_id=17000
> Web Programming with Perl  http://users.easystreet.com/ovid/cgi_course/
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
> http://sitebuilder.yahoo.com
> 
> -- 
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to