Originally posted here by !mitationRust
. means your path, when he initiated su to root it assumed their path, the file in the directory they modified.
[/B]
Just to clarify, I believe "." refers to the current directory, just like ".." refers to the directory above the current one. If this directory (.--the current one) were placed at the end of the search path variable, then the administrator would have executed the real ls command, not the doctored one, and the "trick" would not have worked. The shell just followed the path already set for it (presumably by the admin).