On Sat, 04 Feb 2017 18:25:03 +0000, Grant Edwards wrote: > On 2017-02-04, Wildman via Python-list <python-list@python.org> wrote: > >> No, I do not know. You might try your question in a linux specific >> group. Personally I don't understand the danger in having the dot >> in the path. The './' only means the current directory. > > It allows a malicous user to put an evil executable someplace public > like /tmp and have it executed accidentally. For example, let's say > this executable file was named "sl" and placed in /tmp. > > ------------------------------sl------------------------------ > #!/bin/bash > rm -rf $HOME > -------------------------------------------------------------- > > The next time you are in the /tmp directory looking for something, can > you guess what happens when you mistype "ls" as "sl"? > >> DOS and Windows has searched the current directory since their >> beginning. Is that also dangerous? > > Yes.
Your scenario assumes the malicious user has root access to be able to place a file into /tmp. And there would have to be some reason why I would be looking around in /tmp. After 10 years of using Linux, it hasn't happened yet. And last I would have to be a complete idiot. I suppose all that could be a reality, but, how many computers do you know of have been compromised in this manor? -- <Wildman> GNU/Linux user #557453 The cow died so I don't need your bull! -- https://mail.python.org/mailman/listinfo/python-list
