More (or less) Tommies

roadcone roadcone at gmx.com
Sat Oct 18 14:44:36 PDT 2014


On 17/10/14 10:21, Mark Rogers wrote:
> On 16 October 2014 18:28, roadcone <roadcone at gmx.com> wrote:
>> I see from your comments that Linux won't first
>> search the current directory. And, of course, if I use ./ then the
>> downloaded copy of get_iplayer runs - just like magic.
>
> This is, of-course, quite an important security feature.
>
> The directory you're currently in (probably your home directory) is
> usually writeable by your user. So it's not inconceivable that
> something could drop an executable file into that directory that
> deleted all your data and call it "ls", so that if you ran "ls" from
> there it caused havoc. But it won't, because when you run it it won't
> look there unless you tell it to, and if you instead run ./ls then
> it's fair to assume that's what you meant to do.
>
> It's this attitude to security over convenience that crops up a lot
> when you move from Windows to Linux, and I mention it only because the
> inconvenience is generally more noticeable than the benefits! (It's
> quite possible to add "." to the path to defeat this, but you
> shouldn't for this reason.)
>
> A related note is that it won't run unless it's marked as executable.
> If the program you downloaded is inside an archive then that's
> probably been set for you, but it's not inconceivable that this won't
> also cause a problem for you one day.
>
> To check permissions, use:
>      ls -l get_iplayer
> .. and if the "x" bits are missing, set them
>      chmod +x get_iplayer
>
> That's obviously not an issue here as it's working, just one to
> remember for future.
>
> Mark
>
Mark,

Thank you for your comments and guidance. I had come across the need to 
make files executable and that was not the problem here - but I 
certainly did not appreciate that Linux would not search the local 
directory first, but know I understand why.

Again, thank you.

Clive



More information about the get_iplayer mailing list