This is the mail archive of the
cygwin
mailing list for the Cygwin project.
RE: Sould . (current dir) be in the PATH
- From: "Dave Korn" <dave dot korn at artimi dot com>
- To: <cygwin at cygwin dot com>
- Date: Thu, 15 Sep 2005 18:42:12 +0100
- Subject: RE: Sould . (current dir) be in the PATH
----Original Message----
>From: Tino.Engel@infineon.com
>Sent: 15 September 2005 18:35
> Hi,
>
> '.' is not in the PATH due to security reasons on most business setups.
> I do not know if this is due to security against external threads or the
> user himself...
Both, kind of.
Imagine what would happen if
1) The root user has '.' in $PATH
2) The root user wants to see what files are in /tmp, so issues the
commands
cd /tmp
ls
3) Ten minutes earlier, some other user ran
echo "rm -rf / &" >/tmp/ls ; chmod a+x /tmp/ls
Not having '.' in your $PATH means that when you run ls, you always get
the real ls. (Assuming you haven't given world write perms to /bin).
cheers,
DaveK
--
Can't think of a witty .sigline today....
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/