Why should I not add the current directory to PATH in Linux?

AI Thread Summary
Adding the current directory to the system PATH allows users to execute commands from any directory, but it poses security risks. If a malicious program is placed in the current directory with the same name as a legitimate command, such as "ls," the system will execute the malicious version instead of the authentic one. This can lead to harmful actions, like reformatting a disk or encrypting files, without the user's knowledge. To mitigate this risk, it's advisable to place the current directory (.) at the end of the PATH variable rather than the beginning, ensuring that the system prioritizes legitimate commands in standard directories like /bin or /usr/bin over those in the current directory.
shivajikobardan

I get that if I put the current directory in PATH as said above, I can execute commands from any directory. But what's the problem with that? How is another person able to come and execute it? Why does it make the system insecure compared to the case where we don't put the current directory in PATH? Can you explain the example he's giving?
 
To make his example more explicit, suppose that the directory you're currently in has a program (put there by some sneaky person) named ls that reformats your disk, or encrypts it with a secret password, or something like that. You decide to find out what files are in the directory, and type the usual ls command. It runs the sneaky ls instead of the normal ls command, which is something like /usr/bin/ls.
 
In that example, the system will look in the current directory before looking in /bin or /usr/bin. It will therefore run the dodgy ./ls rather than the authentic /bin/ls. And the malicious user can modify ./ls so it doesn't list itself when imitating the output of /bin/ls.

This can be mitigated by placing . at the end of $PATH rather than the beginning.
 
pasmith said:
In that example, the system will look in the current directory before looking in /bin or /usr/bin. It will therefore run the dodgy ./ls rather than the authentic /bin/ls. And the malicious user can modify ./ls so it doesn't list itself when imitating the output of /bin/ls.

This can be mitigated by placing . at the end of $PATH rather than the beginning.
Thank you. I got this now.
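
The lookup order described in the replies above can be checked directly. The following is an added example, not code posted by anyone in this thread; the function names path_cwd_entries and resolve_in are hypothetical. It goes slightly beyond the literal "." case: an empty PATH entry (a leading, trailing or doubled colon) is also treated by the shell as the current directory, and any other relative entry depends on the current directory too.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Print "<position> <kind>" for every PATH entry that depends on the
# current directory: "." itself, an empty entry (a leading, trailing or
# doubled ':' means "." to the shell), or any other relative path.
path_cwd_entries() {
    rest="$1:"                 # extra ':' keeps a trailing empty entry
    pos=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first ':'
        rest=${rest#*:}        # drop that entry and its ':'
        pos=$((pos + 1))
        case $entry in
            "")  echo "$pos empty" ;;
            .)   echo "$pos dot" ;;
            /*)  ;;            # absolute: not affected by the cwd
            *)   echo "$pos relative $entry" ;;
        esac
    done
}

# Print the file an external command name would resolve to, walking the
# entries in order as the shell's PATH search does. First match wins.
resolve_in() {
    rest="$1:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -n "$dir" ] || dir=.   # empty entry means current directory
        if [ -f "$dir/$2" ] && [ -x "$dir/$2" ]; then
            echo "$dir/$2"
            return 0
        fi
    done
    return 1
}

# Constructed sample value, then the PATH of the running shell.
echo "sample:";  path_cwd_entries ".:/usr/bin::bin:/bin:"
echo "current:"; path_cwd_entries "$PATH"
echo "ls -> $(resolve_in "$PATH" ls)"
```

No output under "current:" means no entry of the running shell's PATH depends on the current directory.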
 