Why should not I add current directory to PATH in Linux?

In summary, adding the current directory to the $PATH variable can lead to security vulnerabilities, as it allows malicious users to execute potentially harmful commands from the current directory. This can be mitigated by placing the current directory at the end of $PATH rather than the beginning. This was demonstrated in the example given, where a sneaky ls command in the current directory was executed instead of the authentic one in the /bin directory.
  • #1
shivajikobardan
674
54
TL;DR Summary
Why should not I add current directory to PATH in Linux?
1686407676824.png

I get that if I put current directory in PATH like said above, I can execute commands from any directory. But what's the problem in that? How's other person able to come and execute it? Why does it makes system unsecure compared to the case where we don't put current directory to PATH? Can you explain the example he's telling?
 
Technology news on Phys.org
  • #2
To make his example more explicit, suppose that the directory you're currently in, has a program (put there by some sneaky person) named ls, that reformats your disk, or encrypts it with a secret password, or something like that. You decide to find out what files are in the directory, and type the usual ls command. It runs the sneaky ls instead of the normal ls command which is something like /usr/bin/ls.
 
  • Like
Likes shivajikobardan
  • #3
In that example, the system will look in the current directory before looking in /bin or /usr/bin. It will therefore run the dodgy ./ls rather than the authentic /bin/ls. And the malicious user can modify ./ls so it doesn't list itself when imitating the output of /bin/ls.

This can be mitigated by placing . at the end of $PATH rather than the beginning.
 
  • #4
pasmith said:
In that example, the system will look in the current directory before looking in /bin or /usr/bin. It will therefore run the dodgy ./ls rather than the authentic /bin/ls. And the malicious user can modify ./ls so it doesn't list itself when imitating the output of /bin/ls.

This can be mitigated by placing . at the end of $PATH rather than the beginning.
thank you. I got this now.
 

1. Why is it not recommended to add the current directory to PATH in Linux?

Adding the current directory to PATH in Linux can pose a security risk as it allows for any executable files in the current directory to be executed without specifying the full path. This could potentially lead to malicious files being executed without your knowledge.

2. What are the potential consequences of adding the current directory to PATH in Linux?

If you add the current directory to PATH in Linux, it could cause conflicts with other programs or system files that have the same name as the files in your current directory. This could result in unexpected behavior or errors.

3. Are there any alternatives to adding the current directory to PATH in Linux?

Yes, instead of adding the current directory to PATH, you can specify the full path to the executable file when executing it. Alternatively, you can create a symbolic link to the executable file in a directory that is already included in PATH.

4. Can adding the current directory to PATH in Linux improve performance?

No, adding the current directory to PATH in Linux will not improve performance. In fact, it may even slow down your system as it has to search through multiple directories to find the executable file.

5. Is it safe to add the current directory to PATH in Linux if I trust all the files in the directory?

Even if you trust all the files in the current directory, it is not recommended to add it to PATH in Linux. If any of the files were to be compromised, it could still pose a security risk. It is always best to err on the side of caution and avoid adding the current directory to PATH.

Similar threads

Why is a temporary directory created when using the Python library matplotlib?
    • Programming and Computer Science
Replies
9
Views
3K
Troubleshooting CMD: Issue with Running .exe Files Using PATH
    • Computing and Technology
Replies
19
Views
1K
Small confusion about redirection in Linux
    • Programming and Computer Science
Replies
10
Views
1K
Mysqld command does not start the MySQL Server
    • Programming and Computer Science
Replies
12
Views
9K
Why do many applications come with their own terminal instead of using the native shell?
    • Programming and Computer Science
Replies
3
Views
338
How did early compilers overcome the need for a compiler to compile itself?
    • Programming and Computer Science
Replies
6
Views
1K
What do you think of Windows Subsystem for Linux (WSL)?
    • Computing and Technology
Replies
12
Views
3K
Requesting suggestions for languages, libraries, and architectures for parallel (and sometimes non parallel) numerical and scientific computations
    • Programming and Computer Science
Replies
8
Views
2K
Lunatic program on Linux and Smaky ?
    • Programming and Computer Science
Replies
1
Views
2K
MinGW/MSYS problem with search path
    • Programming and Computer Science
Replies
2
Views
5K

Hot Threads

Recent Insights

Back
Top