Mail Archives: cygwin/2005/09/15/15:04:21
"Dave Korn" <dave DOT korn AT artimi DOT com> writes:
> ----Original Message----
>>From: Tino DOT Engel AT infineon DOT com
>>Sent: 15 September 2005 18:35
>
>> Hi,
>>
>> '.' is not in the PATH due to security reasons on most business setups.
>> I do not know if this is due to security against external threads or the
>> user himself...
>
>
> Both, kind of.
>
> Imagine what would happen if
>
> 1) The root user has '.' in $PATH
> 2) The root user wants to see what files are in /tmp, so issues the
> commands
> cd /tmp
> ls
> 3) Ten minutes earlier, some other user ran
> echo "rm -rf / &" >/tmp/ls ; chmod a+x /tmp/ls
>
> Not having '.' in your $PATH means that when you run ls, you always get
> the real ls. (Assuming you haven't given world write perms to /bin).
>
Sure, a totally valid point on Unix or Linux. But on most cygwin installs
that I know of, there is only one user, and if that user (me, for instance),
did something that stupid, oh well...
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -