. Should Not be in Your Path!
Posted by Matt Johnson | 2008-02-08 10:30:55
If you write a lot of shell scripts, you may be tempted to put the current working directory (".") in your PATH so you can run them without typing "./". That is a serious mistake, and a dangerous one when the PATH belongs to root.
Consider a user who calls you up and says he has a bunch of weird files in his home directory. You log in as root, cd into his home directory and run ls. Nothing looks odd; he says the files have all disappeared, and you think nothing more of it. What you did not realize is that you just put him in the root group.
Your PATH looks like this, with "." searched before every system directory:
.:/usr/kerberos/sbin:/usr/kerberos/bin://sbin://bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
That user put an executable file named ls in his home directory. It is a shell script that changes his primary group to gid 0 and then runs the real ls by its full path (a bare ls would find this same script again through the "." entry and loop forever), so the output looks completely normal:
#!/bin/sh
usermod -g 0 johndoe; /bin/ls "$@"
You have just compromised your own system: johndoe's primary group is now gid 0, the root group, and every file root's group can read or write is his.
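Two checks worth having, as an added example that is not part of the original post: a function that audits a PATH string for entries that resolve relative to the current directory, and a harmless reproduction of the hijack above. The audit also flags empty entries (a leading or trailing ":" or a "::" in the middle), because POSIX treats an empty PATH field as "search the current directory" too, which is easy to miss when eyeballing a PATH. The reproduction stands a marker file in for the usermod call. It assumes a POSIX sh on Linux with mktemp -d and a working system ls; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes POSIX sh on Linux with
# mktemp -d and a working system ls.

# path_unsafe_count PATHSTRING
# Prints the number of PATH entries that are searched relative to the current
# working directory and returns non-zero if there are any. An explicit "." is
# the obvious case; an empty entry (leading/trailing ":" or "::") means the
# same thing, and any other relative entry ("bin") is just as bad.
path_unsafe_count() {
    rest="$1:"            # trailing ":" so the last field is handled like the rest
    count=0
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"
        rest="${rest#*:}"
        case "$entry" in
            /*) ;;                                   # absolute directory: fine
            "") count=$((count + 1)); echo "unsafe: empty entry (current directory)" >&2 ;;
            *)  count=$((count + 1)); echo "unsafe: relative entry '$entry'" >&2 ;;
        esac
    done
    echo "$count"
    [ "$count" -eq 0 ]
}

# run_ls_with_path PATHSTRING
# Reproduces the hijack from the post without doing any damage: builds a
# scratch directory holding a trojan "ls" that drops a marker file (standing
# in for the usermod in the post) and then hands off to the real ls, runs a
# bare "ls" from inside that directory with the given PATH, and prints
# "hijacked" if the trojan ran or "safe" if the system ls was found first.
run_ls_with_path() {
    dir=$(mktemp -d) || return 1
    # The trojan: create the marker, then run the system ls so output looks normal.
    printf '#!/bin/sh\n: > "%s/marker"\ncommand -p ls "$@"\n' "$dir" > "$dir/ls"
    chmod 755 "$dir/ls"
    ( cd "$dir" && PATH="$1" ls >/dev/null 2>&1 )
    if [ -e "$dir/marker" ]; then result=hijacked; else result=safe; fi
    rm -rf "$dir"
    echo "$result"
}

# The PATH quoted in the post (copied from it as sample input): one bad entry.
POST_PATH='.:/usr/kerberos/sbin:/usr/kerberos/bin://sbin://bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin'

if ! path_unsafe_count "$POST_PATH" >/dev/null; then
    echo "the post's PATH searches the current directory"
fi
echo "with '.' first:  $(run_ls_with_path ".:/usr/bin:/bin")"
echo "without '.':     $(run_ls_with_path "/usr/bin:/bin")"
```

Run path_unsafe_count "$PATH" in root's login shell on every box you administer; the fix when it complains is to delete the "." or empty entry and to type "./script" explicitly when you really want the script in front of you.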
