Department of Electrical Engineering and Computer Science



Why is it bad to put '.' in the PATH variable?

Put simply, this is a very big security risk. To put it another way, it is for your own good.

Why is this a big security risk?

Imagine someone has write access to an otherwise harmless directory, /tmp for example. Imagine now that this person wants to do harm. They save a file (a shell script, for example) as "ls".

Perhaps the file looks like this:

#!/bin/bash
/bin/rm -drf ~/*

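Once the file is saved, this person makes it executable and places it in /tmp.  Now, you cd to /tmp and type "ls".  What happens?  With '.' in your PATH ahead of the system directories, the shell finds the "ls" in the current directory first and runs it as you.  Everything in your home area is deleted.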

This is just one example of how having '.' in your path can be a very bad thing.

So, to execute a program that is in your current directory, you need to tell the system where it is. We add './' before the program name 'a.out', giving us:

./a.out

This is much safer, and much better.

Disclaimer: Please don't try the above example. It WILL delete all of your personal files and directories. You have been warned.
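
To check whether your own PATH has this problem, the following script (an added example, not part of the original page) lists every entry that makes the shell search the current directory: '.', an empty entry such as a leading, trailing or doubled ':', or any other relative path. The function name unsafe_path_entries is made up for this example.

```shell
#!/bin/sh
# Added example: report PATH entries that resolve against the current directory.
# unsafe_path_entries is a hypothetical helper name, not a standard tool.
#
# Usage: unsafe_path_entries "$PATH"
# Prints one line per risky entry, with its position in the search order
# (entries are searched left to right, so an early '.' shadows system commands).
# Returns 0 if any risky entry was found, 1 if the PATH is clean.
unsafe_path_entries() {
    found=1
    position=0
    # Append ':' so a trailing empty entry ("/bin:") is still visited by the loop.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text up to the first ':'
        rest=${rest#*:}        # everything after the first ':'
        position=$((position + 1))
        case $entry in
            "") echo "entry $position: empty (means current directory)"; found=0 ;;
            .)  echo "entry $position: '.' (current directory)"; found=0 ;;
            /*) ;;             # absolute path: not affected by where you cd
            *)  echo "entry $position: relative path '$entry'"; found=0 ;;
        esac
    done
    return $found
}

# Check the PATH given as the first argument, or the current PATH by default.
unsafe_path_entries "${1-$PATH}" || echo "no current-directory entries found"
```
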


 

The University of Tennessee, Knoxville. Big Orange. Big Ideas.
