Shell Tricks part 2 – Why having the current working directory in your PATH is a bad idea

Why having the current working directory in your PATH is a bad idea

Here’s an interesting consequence of having the current directory in your PATH:

$ PATH=$PATH:.
$ echo echo something benign > 0a.sh
$ chmod 0700 0a.sh
$ *
something benign
$

Let’s see that again

$ set -xv
set -xv
+ set -xv
$ PATH=$PATH:.
PATH=$PATH:.
+ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:.
$ echo echo something benign > 0a.sh
echo echo something benign > 0a.sh
+ echo echo something benign
$ chmod 0700 0a.sh
chmod 0700 0a.sh
+ chmod 0700 0a.sh
$ *
*
+ 0a.sh bin boot dev etc home lib lost+found mnt opt proc root sbin tmp usr var
something benign
$

Notice how 0a.sh was executed because it was the first file in the list. The shell expands * into the names in the directory, sorted in alphabetical order, and then faithfully executes the result, whatever it is: the first name becomes the command and the rest become its arguments. With . in the PATH, that first name could be any executable in the directory, and here lieth the danger, amongst others like replacing system commands unwittingly.

Beware, an accidental * could launch all kinds of mischief!
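
A check for the problem shown above, as an added example that is not from the original post: it flags PATH entries that the shell resolves against the current directory. It goes beyond the literal . in the demonstration by also flagging empty entries (a leading, trailing or doubled colon) and other relative paths, which behave the same way; audit_path and clean_path are hypothetical helper names.

```sh
#!/bin/sh
# Added example, not from the original post. audit_path and clean_path
# are hypothetical helper names.

# List PATH entries that the shell resolves against the current directory.
# $1: PATH-style string (defaults to the live $PATH).
# Exit status is 0 if every entry is absolute, 1 otherwise.
audit_path() (
    rest="${1-$PATH}:"      # sentinel colon keeps a trailing empty entry
    pos=0 risky=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # text after it
        pos=$((pos + 1))
        case $entry in
            /*) ;;          # absolute directory: not affected by cwd
            '') echo "entry $pos: empty (current directory)"; risky=1 ;;
            *)  echo "entry $pos: relative path '$entry'"; risky=1 ;;
        esac
    done
    [ "$risky" -eq 0 ]
)

# Print the same PATH with only its absolute entries, order preserved.
clean_path() (
    rest="${1-$PATH}:" out=
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            /*) out=${out:+$out:}$entry ;;
        esac
    done
    printf '%s\n' "$out"
)

# Report on the live PATH; the suggested value is printed, never applied.
audit_path || echo "suggested: PATH=$(clean_path)"
```

Run against the PATH from the traced session above, audit_path reports entry 7 as the relative path '.'.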
