Setting the PATH Variable
Take care to correctly set the PATH variable. Otherwise, you can accidentally run a program that was introduced by someone else that creates a security hazard. The intruding program can corrupt your data or harm your system. This kind of program is referred to as a Trojan horse. For example, a substitute su program could be placed in a public directory where you, as system administrator, might run the substitute program. Such a script would look just like the regular su command. Because the script removes itself after execution, you would have little evidence to show that you have actually run a Trojan horse.

The PATH variable is automatically set at login time. The path is set through your initialization files, such as .bashrc and /etc/profile. When you set up the user search path so that the current directory (.) comes last, you are protected from running this type of Trojan horse. The PATH variable for the root account should not include the current directory at all.
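
The following check applies the two rules above to a PATH string. It is an added example, not part of the original documentation; the function name audit_path and its message wording are assumptions. It goes slightly beyond the text in two ways: an empty entry (leading colon, trailing colon, or "::") is treated as the current directory, which is how the shell interprets it, and any other relative entry is flagged because it also resolves against the current directory.

```shell
#!/bin/sh
# audit_path PATH_VALUE [root|user]
# Prints one finding per line and returns 0 if the PATH follows the rule
# for that account type, 1 otherwise.
#   user: the current directory may appear only as the last entry
#   root: the current directory must not appear at all
# Typical call:  audit_path "$PATH" "$(id -un)"
audit_path() {
    path_value=$1
    account=${2:-user}
    status=0
    position=0
    # Append a sentinel colon so a trailing empty entry survives the split.
    rest="${path_value}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first colon
        rest=${rest#*:}        # text after the first colon
        position=$((position + 1))
        case $entry in
            ''|.)
                # Empty entry and "." both mean the current directory.
                if [ "$account" = root ]; then
                    echo "entry $position: current directory in root PATH"
                    status=1
                elif [ -n "$rest" ]; then
                    echo "entry $position: current directory is not last"
                    status=1
                fi
                ;;
            /*)
                ;;             # absolute directory: nothing to report
            *)
                echo "entry $position: relative directory '$entry'"
                status=1
                ;;
        esac
    done
    return $status
}
```

Run it against the value exported by each initialization file as well as the live PATH, because a later file can prepend or append entries.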