HPE Community
Operating System - Linux
1829490 Members
1377 Online
109991 Solutions
New Discussion

Re: What is the meaning of :.: in the PATH?

 
SOLVED
Go to solution
Eric Antunes
Honored Contributor

‎02-21-2006 02:15 AM

‎02-21-2006 02:15 AM

What is the meaning of :.: in the PATH?

PATH=$HOME/bin:$PATH:.:/disc1/patches/zzzip

Best Regards,

Eric Antunes
Each and every day is a good day to learn.
0 Kudos
15 REPLIES 15
A. Clay Stephenson
Acclaimed Contributor

‎02-21-2006 02:17 AM

‎02-21-2006 02:17 AM

Solution

Re: What is the meaning of :.: in the PATH?

It's what '.' always means -- the current directory.
If it ain't broke, I can fix that.
0 Kudos
Peter Godron
Honored Contributor

‎02-21-2006 02:18 AM

‎02-21-2006 02:18 AM

Re: What is the meaning of :.: in the PATH?

Eric.
the :.: means "and current directory".
0 Kudos
Geoff Wild
Honored Contributor

‎02-21-2006 02:18 AM

‎02-21-2006 02:18 AM

Re: What is the meaning of :.: in the PATH?

That is dangerous - . means current directory.

Don't put . in the PATH - why?

A malicious user could create a script in say their home dir called "ls"

In it is "rm -rf /*"

As root - if you were in their dir and executed ls - and if . was before /usr/bin in your PATH - then the user's ls script would execute...

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Jeff_Traigle
Honored Contributor

‎02-21-2006 02:19 AM

‎02-21-2006 02:19 AM

Re: What is the meaning of :.: in the PATH?

And is considered a very bad from a security perspective, especially if it's in root's PATH.
--
Jeff Traigle
0 Kudos
Arunvijai_4
Honored Contributor

‎02-21-2006 02:20 AM

‎02-21-2006 02:20 AM

Re: What is the meaning of :.: in the PATH?

Hi Eric,

It means, you have added the current directory. It is harmful when you set this as a root.
A security threat. (in case of root)

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Jean-Yves Picard
Trusted Contributor

‎02-21-2006 02:20 AM

‎02-21-2006 02:20 AM

Re: What is the meaning of :.: in the PATH?

Hello,

strange question comming from a king ...

the meaning of :.: is you want to search current dir for executables.

in your case, assignement means
1) search $HOME/bin
2) search previous $PATS's dirs
3) search current directory (e.g; the one the shell is)
4) search /disc1/patches/zzzip

Jean-Yves Picard
0 Kudos
Eric Antunes
Honored Contributor

‎02-21-2006 02:25 AM

‎02-21-2006 02:25 AM

Re: What is the meaning of :.: in the PATH?

It is what I was suspecting of but, since I didn't put it myself, I wanted to be sure.

This is oracle user PATH and I don't understand the need of this...

Best Regards,

Eric Antunes
Each and every day is a good day to learn.
0 Kudos
Arunvijai_4
Honored Contributor

‎02-21-2006 02:28 AM

‎02-21-2006 02:28 AM

Re: What is the meaning of :.: in the PATH?

Hi Eric,

As you can see from /.profile,

#cat /.profile
# @(#)B.11.11_LR

# Default (example of) super-user's .profile file


# Do not put "." in PATH; it is a potential security breach.
# Do not put "/usr/local/bin" in PATH; it is a potential security breach.
# Example assumes /home/root exists.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Torsten.
Acclaimed Contributor

‎02-21-2006 02:49 AM

‎02-21-2006 02:49 AM

Re: What is the meaning of :.: in the PATH?

Hi Eric,

imagine this:

a user writes a script to do some action, e.g. to add himself to the root user group in passwd. This action can only be done as root. Now he stores the file in /tmp and gives a filename like "ll" or "pwd".

If you (logged on as root) now issuing a "pwd" in /tmp and the dot is included in your PATH variable, the script will be executed. Thats why this is dangerous and should be avoided.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Bill Hassell
Honored Contributor

‎02-21-2006 03:00 AM

‎02-21-2006 03:00 AM

Re: What is the meaning of :.: in the PATH?

And just a couple of alternative forms for :.:
If the last character in $PATH is :, it's the same as :.: and if two adjacent :: are in $PATH, it means :.: (this is a common error caused by editing /etc/PATH or bad install scripts. As mentioned, the current working directory (seen by the pwd command) should always be assumed to be suspect. In fact, some sysadmins learned that the way to run a program is to cd to the directory and then type the command name (leftover from bad DOS habits).

$PATH can be a severe security risk for users, and especially for the root superuser. /etc/PATH establishes a default set of 'safe' paths to look for executazbles but it often turns into a massive list of possibile locations, often due to applicsation installers. root's PATH should be different and more restrictive than user PATH values.

Also, don't use which and whereis to 'locate' programs as they do not follow the rules that a shell uses. Instead, determine where a particular executable will be found by using the whence command, specifically whence -v (which is aliased to: type) This command tells you exactly the path that a specific command has in your current environment. It is not a 'find' command but a "what will happen if" command.


Bill Hassell, sysadmin
0 Kudos
Eric Antunes
Honored Contributor

‎02-21-2006 03:48 AM

‎02-21-2006 03:48 AM

Re: What is the meaning of :.: in the PATH?

Thank you all!

I will let those oracle and applmgr PATH definitions as they are because this is needed to apply application patches, for example.

Best Regards,

Eric Antunes
Each and every day is a good day to learn.
0 Kudos
Muthukumar_5
Honored Contributor

‎02-21-2006 02:46 PM

‎02-21-2006 02:46 PM

Re: What is the meaning of :.: in the PATH?

If you are having . in PATH variable then it is including current directory itself.

Then you don't need to execute script as,

# ./scriptname.sh

# scriptname.sh

is enough. You can include a scriptfile with out syntax as,

# . ./scriptname.sh

simply as,

scriptname.sh

in any other script(s). How ever it is not good to add it. Try to remove that . in PATH.

--
Muthu

Easy to suggest when don't know about the problem!
0 Kudos
Arunvijai_4
Honored Contributor

‎02-21-2006 03:23 PM

‎02-21-2006 03:23 PM

Re: What is the meaning of :.: in the PATH?

Hi Eric,

Have a look at this doc from CERT,

http://www.cert.org/tech_tips/usc20.html

[UNIX Security Checklist v2.0]

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Vibhor Kumar Agarwal
Esteemed Contributor

‎02-21-2006 05:19 PM

‎02-21-2006 05:19 PM

Re: What is the meaning of :.: in the PATH?

People generally do this for their convenience.

If you create a script file then you have to run it like

./script_name

But if you have the . in the path simply

script_name will run

Now it depends on you whether you want it or not :-)
Vibhor Kumar Agarwal
0 Kudos
Eric Antunes
Honored Contributor

‎02-21-2006 10:24 PM

‎02-21-2006 10:24 PM

Re: What is the meaning of :.: in the PATH?

Unfortunatly, I must leave this as many Oracle built-in scripts seems to get advantage of this kind of PATH.

Thank you!
Each and every day is a good day to learn.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.