Eric Blake <[EMAIL PROTECTED]> wrote:
> According to Jim Meyering on 4/22/2008 5:13 PM:
> |>> If security isn't enough of an argument, you can consider this yet another
> |>> reason not to put "." early in your PATH. Please consider removing
> |>> "." from your PATH altogether.
>
> | Besides, I recognize that no system is immune from risk.
> | I.e., a bug in my browser may allow malicious code to create
> | that /tmp/ls file you mentioned.
>
> I personally like having . in my PATH on systems I manage, but only at the
> end and never first, so I can guarantee that any important program (like
> /bin/ls) cannot be inadvertently replaced by a malicious /tmp/ls.

With "." anywhere in your PATH, you're still subject to the risk
of the classic typo-trojan. I.e., if someone/something creates /tmp/sl
and you type e.g., "sl" instead of "ls" while in /tmp.
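
A check for the risk discussed in this thread, added here as an example and not part of the original messages or of coreutils: a POSIX shell function (the name `audit_path` is hypothetical) that flags PATH entries searched relative to the current directory. It goes beyond the literal "." case to cover zero-length entries (a leading, trailing or doubled colon), which POSIX also treats as the current directory; the sample PATH strings are constructed.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Report every entry of a PATH-style string that is searched relative to
# the current directory. Returns 0 if none are found, 1 otherwise.
audit_path() {
    _rest=$1
    _idx=0
    _bad=0
    while :; do
        _idx=$((_idx + 1))
        # Peel off one colon-separated entry, keeping empty ones.
        case $_rest in
            *:*) _entry=${_rest%%:*}; _rest=${_rest#*:}; _last=0 ;;
            *)   _entry=$_rest; _last=1 ;;
        esac
        case $_entry in
            '') echo "entry $_idx: empty (treated as the current directory)"; _bad=1 ;;
            .)  echo "entry $_idx: \".\" (current directory)"; _bad=1 ;;
            /*) ;;  # absolute directory: not affected by where you are
            *)  echo "entry $_idx: relative directory \"$_entry\""; _bad=1 ;;
        esac
        [ "$_last" -eq 1 ] && break
    done
    return "$_bad"
}

# Constructed sample values, not taken from any real system.
for _sample in "/usr/local/bin:/usr/bin:/bin" "/usr/bin:/bin:." ":/usr/bin" "/usr/bin:/bin:"; do
    echo "PATH=$_sample"
    audit_path "$_sample" || true
done
```

Calling `audit_path "$PATH"` checks the current shell's search path.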