On Wed, Jun 01, 2005 at 10:45:06PM -0500, Yaron wrote:
> That's because they have the current directory in the path.
> 
> THIS IS A HUGE SECURITY VULNERABILITY and you should never, EVER do it. 
> Keep using the ./script. It's MUCH better than compromising security on 
> your box. I cannot stress this enough: do NOT add Current Directory to the 
> path.

Good advise.  However, I live in the real world and I konw that certain,
uhh, individuals will not change their habits.

So if you have to have a "." in your path, the important thing is to be
sure to append it to the end of your path.  Do NOT put it in the
beginning of the path.  

At least if it's in the end of your path, and someone drops a trojan'd
"ls" in /tmp - the real ls will be found and ran before the /tmp
version.

It's tempting when you're new to the command line to do the dot in path
thing.  But really after a bit it becomes second nature - and is less
ambiguous.  Very important to always know exactly what's going on when
you're at the command line, particularily as root (i will put my foot
down when it comes to a . in root's path :) )

Dan