Once upon a time Russell said... > Colin Watson wrote: > > > > I think a more sensible rule is to only put directories in $PATH that > > are at least as trusted as the relevant account. Thus, /usr/bin and so > > on are always fine, ~/bin is only fine for the owning user, and . is > > never a good idea. > > Why is ./ in the path bad? If someone hacked in, couldn't they > set the path to anything they wanted?
On a PC-style unix box (only one user) it doesn't make much difference, but in a multi-user unix environment with people sharing directories and files, someone could potentially trick you into running their program. If you have . early in your path, a program called 'ls' in the current directory could be run instead of /bin/ls. If you have . at the end of your path, you can be caught with common typos. eg. a program called mroe or mkae (typos of more and make). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
