Answer by kainosnous

kainosnous — Fri, 02 Jul 2010 05:08:47 -0400

The risk is not worth the reward. In a properly configured Linux environment, all executables should be in a few standard directories. This is part of the FSSTD and is generally considered a good practice as all files with the same function are in the same place.

Unlike the directory structure of Windows, executing a command in a local directory is more of the exception than the rule. Mostly, it will be to run ./configure or something similar. Since doing otherwise is so rare, it causes you to have to stop for a moment and think before doing something stupid.

As for security, you can imagine all the things that could go wrong if any file could be executed at random. Unlike Windows, Linux does not require a special filename extension (.exe, .com, .bat) to be executable. I know that some fs types, such as NTFS, that don't have Linux permissions can be granted all permissions by default. This includes the execute permission. That means that you could wonder into a directory and accidentally execute a file at random by using tab-complete. Mostly, this would just issue a lot of "command not found", but if just the right phrase appeared, you might have trouble. This is just one example that doesn't even require ill intentions. I'll let your imagination figure out some more.

Answer by guerda

guerda — Thu, 01 Jul 2010 08:28:22 -0400

Yes, it is definitely insecure.

If you create a directory with the following contents, it is a security flaw:

# cd evildirectory
# ls
cd

cd is a executeable file with the following content:

#!/bin/bash
rm -rf /

If your PATH variable contains . in the first position and you want to leave the directory via cd .., not /bin/cd will be executed, but evildirectory/cd and you can imagine, what will happen.

So don't put the dot in your PATH.

Answers to: Putting "." in PATH is insecure?

Answer by kainosnous

Answer by guerda