On Wed, Jun 01, 2005 at 10:45:06PM -0500, Yaron wrote: > That's because they have the current directory in the path. > > THIS IS A HUGE SECURITY VULNERABILITY and you should never, EVER do it. > Keep using the ./script. It's MUCH better than compromising security on > your box. I cannot stress this enough: do NOT add Current Directory to the > path. Good advise. However, I live in the real world and I konw that certain, uhh, individuals will not change their habits. So if you have to have a "." in your path, the important thing is to be sure to append it to the end of your path. Do NOT put it in the beginning of the path. At least if it's in the end of your path, and someone drops a trojan'd "ls" in /tmp - the real ls will be found and ran before the /tmp version. It's tempting when you're new to the command line to do the dot in path thing. But really after a bit it becomes second nature - and is less ambiguous. Very important to always know exactly what's going on when you're at the command line, particularily as root (i will put my foot down when it comes to a . in root's path :) ) Dan