Gavin Scott <[log in to unmask]> wrote:

>If you add '.' to the *end* of your path, then you can't override any
>executables that exist in standard locations on your PATH because they will
>be found *before* any trojan horses that may have wandered in to your
>working directory.

There's one case where this CAN override standard executables.  Certain mistakes
are common on Unix (or Posix) systems.  For instance, ls -l is often mistyped as
ls-l by people in a hurry who get a little fumble-fingered.  (I use this command
quite often and avoid this problem by aliasing 'ls -l' as ll, which also saves
me a few keystrokes.)  It's an old trick for a malicious user to name a trojan
(or other dangerous program) ls-l and put it in a publicly accessible directory.
The first time someone with '.' at the end of their PATH makes the ls-l mistake
in that directory, the trojan gets executed.  There are other common mistakes
(like co instead of cp, or cd\ to catch those DOS users who meant to type cd /)
that can be used as names for 'bad' programs.

Wayne

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *