You want to avoid invoking the wrong program of a given name.

Ensure that your search path contains no relative directories:

$ perl -e 'print "PATH contains insecure relative directory \"$_\"\n"
              foreach grep ! m[^/], split /:/, $ENV{"PATH"}, -1;'

Imagine you innocently type ls while your current working directory is /tmp, and you discover to your chagrin that you have just run a malicious program, /tmp/ls, instead of the expected /bin/ls. Worse, you might not notice at all, if the rogue program behaves like the real version while performing other nefarious activities silently.

This can happen if your search path contains a period (“.”), meaning the current working directory. The possibility of unexpected behavior is higher if “.” is early in your search path, but even the last position is not safe: consider the possibility of misspellings. A cracker could create a malicious /tmp/hwo, a misspelling of the common who command, and hope you type “hwo” sometime while you’re in /tmp. As there is no earlier “hwo” in your search path, you’ll unintentionally run the cracker’s ./hwo program. (Which no doubt prints, `basename $SHELL`: hwo: command not found to stderr while secretly demolishing your filesystem.) Play it safe and keep “.” out of your search path.

An empty search path element—two adjacent colons, or a leading or trailing colon— also refers to the current working directory. These are sometimes created inadvertently by ...