Why having the current working directory in your PATH is a bad idea
Heres’s an interesting consequence of having the current directory in your path:-
$ PATH=$PATH:. $ echo echo something benign > 0a.sh $ chmod 0700 0a.sh $ * something benign $
Let’s see that again
$ set -xv set -xv + set -xv $ PATH=$PATH:$. PATH=$PATH:. + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:. $ echo echo something benign > 0a.sh echo echo something benign > 0a.sh + echo echo something benign $ chmod 0700 0a.sh chmod 0700 0a.sh + chmod 0700 0a.sh $ * * + 0a.sh bin boot dev etc home lib lost+found mnt opt proc root sbin tmp usr var something benign $
Notice how 0a.sh was executed as it was the first file in the list, and this could be any executable in the directory because the command sorts the commands in alphabetical order and arbitrarily expands the expression and faithfully executes it, whatever it is, and here lieth the danger, amongst others like replacing system commands unwittingly.
Beware, an accidental * could launch all kinds of mischief!