Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com From: "Dave Korn" To: Subject: RE: Problems with Indirect Interpretation (#!/bin/csh, #!/bin/tcsh, #!/bin/perl, etc...) Date: Tue, 11 May 2004 19:09:08 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit In-Reply-To: Message-ID: X-OriginalArrivalTime: 11 May 2004 18:09:08.0382 (UTC) FILETIME=[0DBB03E0:01C43783] > -----Original Message----- > From: cygwin-owner On Behalf Of Dave Korn > Sent: 11 May 2004 18:51 > > -----Original Message----- > > From: cygwin-owner On Behalf Of Rocket Boy > > Sent: 11 May 2004 18:44 > > The FAQ says that it is not recommended to add . to > > $PATH. Anyone, know a compelling reason not to? > > It's a security measure for the medium-to-fairly paranoid. :-O > > If you had '.' in the $PATH, as soon as you > log in and run > ls, you'd end up executing the trojanned version; And it occurs to me to mention that windoze *always* has . in the current path, implicitly, and in fact that it's always the very *first* item in the path. And that was why it used to be possible to trojan a windoze installation by putting a malicious file into C:\ and calling it 'explorer.exe'...... And that, in turn, is why the windows slogan should be "Insecure by design"! cheers, DaveK -- Can't think of a witty .sigline today.... -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/