Colin Watson cjwatson at ubuntu.com
Sun Jul 17 19:24:50 UTC 2005

On Sun, Jul 17, 2005 at 03:11:37PM -0400, Sean Sieger wrote:
> Colin Watson <cjwatson at ubuntu.com> writes:
> > No. Mendel is absolutely correct when talking about the current
> > directory, but there are no such concerns about an explicit directory
> > such as ~/bin provided that no users other than you and root can write
> > there.
> I guess that is what I had in mind: say someone got past Shorewall and
> deposited... oh, I think I'm getting it... even if someone could put a
> script in ~/bin, without root privileges, executing said script wouldn't
> work?

No, it'd work; but if they could do that then they could just run
programs as you anyway, so there's no point making your life less
convenient to put up totally ineffective defences. Don't waste time
worrying about this; put the effort into keeping your user account
secure instead.

The reason why people recommend that you shouldn't put the current
directory in your path is because it's very common to change your
current directory to one that you *don't* control, and in that case you
don't want to execute programs from that directory by mistake.


Colin Watson                                       [cjwatson at ubuntu.com]

More information about the ubuntu-users mailing list