On Mon, Sep 15, 2003 at 04:21:39PM +0100, Steve Kemp wrote: > On Mon, Sep 15, 2003 at 11:00:35AM -0400, Matt Zimmerman wrote: > > $PATH is almost always trusted; the exception is setuid programs which > > should sanitize PATH. xspringies is not setuid, is it? > > It is not setuid/setgid no, but I still think it's best to not trust > the PATH - sure it's not critical, but it's a good think "just in > case".
Just in case somebody decides to move the programs in question? Witness grep. -- Colin Watson [EMAIL PROTECTED]
