> -----Original Message-----
> From: cygwin-owner On Behalf Of Dave Korn
> Sent: 11 May 2004 18:51
> > -----Original Message-----
> > From: cygwin-owner On Behalf Of Rocket Boy
> > Sent: 11 May 2004 18:44
> > The FAQ says that it is not recommended to add . to
> > $PATH. Anyone, know a compelling reason not to?
>
> It's a security measure for the medium-to-fairly paranoid. :-O
>
> If you had '.' in the $PATH, as soon as you
> log in and run
> ls, you'd end up executing the trojanned version;
And it occurs to me to mention that windoze *always* has . in the current
path, implicitly, and in fact that it's always the very *first* item in the
path. And that was why it used to be possible to trojan a windoze
installation by putting a malicious file into C:\ and calling it
'explorer.exe'......
And that, in turn, is why the windows slogan should be "Insecure by
design"!
cheers,
DaveK
--
Can't think of a witty .sigline today....
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
