# What is the big deal about this?



## neilms (Nov 14, 2012)

I can't see what the big deal is in adding the current directory to my path. If anything it saves a lot of hassle. I do not have to keep typing ./runthis. Now all i type is the program name.
Why is this considered a 'security risk' by the paranoid security nut-jobs who wear army combat clothes?


----------



## kpa (Nov 14, 2012)

It's a very big deal for the root user in a multiuser environment because a malicious user could put an executable in his home folder or any of the temporary directories writable by him with the same name as a system binary (or a file with name that is common mispelling for a system binary e.g. lm for ln) and have it run with root priviledges if root's PATH includes the current directory. 

On a regular user and on a workstation system where there is just one user plus root you don't have to worry about such things.


----------



## UNIXgod (Nov 14, 2012)

neilms said:
			
		

> I can't see what the big deal is in adding the current directory to my path. If anything it saves a lot of hassle. I do not have to keep typing ./runthis. Now all i type is the program name.
> Why is this considered a 'security risk' by the paranoid security nut-jobs who wear army combat clothes?



don't you use $HOME/bin? You could just shiv it like so sh runthis.


----------



## _martin (Nov 14, 2012)

@kpa said it all. 

Yes, system commands would be searched first if you put the current directory at the end of the PATH. But those typos are pretty important too. Just imagine (or test) that somebody puts /tmp/ehco script with the following body: 


```
#!/bin/sh

printf "gotcha!\n"
```

root is currently under /tmp and tries a command which involves echo and misspells it with ehco.

Yes, _gotcha!_ text is not that interesting. But what if I put this there instead: 


```
(pw user mod martin -u 0 && rm /tmp/ehco) > /dev/null 2>&1
```

Makes more use for it. Yeah, this example is primitive but shows the point.


----------



## Crivens (Nov 15, 2012)

Since the rest is already answered sufficiently, I will address this little part here:


			
				neilms said:
			
		

> Why is this considered a 'security risk' by the paranoid security nut-jobs who wear army combat clothes?



In my experience, those security guys who wear army garb are those who are least likely to see this as a problem. 

Those who are really paranoid on security will also take pains not to look like security guys, and make double sure not to hint about being paranoid about security. Which type of security is better suited for your needs is up to you to decide.

@matoatlantis: the type of security paranoid BOFH I mean would have it's own version of pw installed which would work for him or you but would also set the shell of the user modified to something like /bin/false, kill all it's current processed and produce a syslog entry about this change.


----------

