Jim Meyering wrote:
> If security isn't enough of an argument, you can consider this yet another
> reason not to put "." early in your PATH.  Please consider removing
> "." from your PATH altogether.  Yes, that does make for some small amount
> of extra typing (you have to prefix certain commands with "./"), but
> that is a small price to pay for the reduced risk of mishap.
> [Sorry to harp on this again, but I wouldn't want readers to get the
> impression that it's ok to have "." *anywhere* in PATH, much less
> near the beginning. ]

The only security argument I've seen so far against "." in PATH is that
every user, at some point in time, does things like

  $ cd /tmp
  $ ls -l

and another user on the same machine may have stored a malicious program
at /tmp/ls. A similar argument holds for group-writable directories on
machines where you don't trust all users of the same group.

But when you are on a LAN where you trust all users, or on a firewalled
machine where you are the only user and even your own sysadmin, I see no
point in reducing the PATH. - If you trust everyone in your house, and
have a lock at the door of your house, would you also lock your bedroom's
door at night?

Bruno

_______________________________________________
Bug-coreutils mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-coreutils
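
A check for the two risks raised in this thread, as an added example that is not part of either message: it reports PATH entries that resolve to the current directory (".", relative names, and empty entries, which POSIX also treats as the current directory) and absolute entries that are group- or other-writable. The function name `audit_path` and the output labels are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. audit_path and its labels are hypothetical.
# Prints one line per finding: "<kind> <position> <entry>".

audit_path() {
    rest="$1:"      # extra ':' so a trailing empty entry is also visited
    pos=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}       # text before the first ':'
        rest=${rest#*:}         # text after the first ':'
        pos=$((pos + 1))
        case $entry in
            '') echo "cwd-empty $pos ''" ;;     # leading ':', trailing ':' or '::'
            .)  echo "cwd-dot $pos ." ;;
            /*) [ -d "$entry" ] || continue
                # -L follows symlinks such as /bin -> /usr/bin
                mode=$(ls -ldL -- "$entry") || continue
                mode=${mode%% *}                # e.g. drwxrwxrwt
                case $mode in
                    ?????w*) echo "group-writable $pos $entry" ;;
                esac
                # A sticky bit (as on /tmp) does not stop another user
                # from creating a new file there, so it is still reported.
                case $mode in
                    ????????w*) echo "other-writable $pos $entry" ;;
                esac ;;
            *)  echo "relative $pos $entry" ;;  # resolved against the cwd
        esac
    done
}

# Audit the PATH of the calling shell, or a PATH string given as $1.
audit_path "${1-$PATH}"
```

No output means no entry matched. The position column shows how early in the search order a flagged entry sits.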
