| delorie.com/archives/browse.cgi | search |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| From: | "Dave Korn" <dave DOT korn AT artimi DOT com> |
| To: | <cygwin AT cygwin DOT com> |
| Subject: | RE: Sould . (current dir) be in the PATH |
| Date: | Thu, 15 Sep 2005 18:42:12 +0100 |
| MIME-Version: | 1.0 |
| In-Reply-To: | <5629C3F943FB7F42BF6DBB5DAAC5610201DC493D@mucse204.muc.infineon.com> |
| Message-ID: | <SERRANOtvElzXqHofRV0000041e@SERRANO.CAM.ARTIMI.COM> |
----Original Message----
>From: Tino DOT Engel AT infineon DOT com
>Sent: 15 September 2005 18:35
> Hi,
>
> '.' is not in the PATH due to security reasons on most business setups.
> I do not know if this is due to security against external threads or the
> user himself...
Both, kind of.
Imagine what would happen if
1) The root user has '.' in $PATH
2) The root user wants to see what files are in /tmp, so issues the
commands
cd /tmp
ls
3) Ten minutes earlier, some other user ran
echo "rm -rf / &" >/tmp/ls ; chmod a+x /tmp/ls
Not having '.' in your $PATH means that when you run ls, you always get
the real ls. (Assuming you haven't given world write perms to /bin).
cheers,
DaveK
--
Can't think of a witty .sigline today....
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |