Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
From: ericblake AT comcast DOT net (Eric Blake)
To: Cygwin List <cygwin AT cygwin DOT com>, Morten Kjarulff <MKJ AT dk DOT ibm DOT com>,
   cygwin AT cygwin DOT com
Subject: Re: Sould . (current dir) be in the PATH
Date: Thu, 15 Sep 2005 17:47:51 +0000
Message-Id: <091520051747.717.4329B3C700045062000002CD22073000330A050E040D0C079D0A@comcast.net>

> At 11:10 AM 9/15/2005, you wrote:
> >Hi,
> >
> >I just discovered that . (current directory) is in my PATH. I installed
> >cygwin on my new laptop some weeks ago. I don't think . was in my PATH on
> >my old PC. First I thought it came from my windows PATH, but it does not.
> >
> >Is . normally in the PATH (it was not on a few solaris systems I just
> >checked, but that does not prove anything).

On Windows, . is always in your path (stupid, but true).

In POSIX, . is only in PATH if you put it there.  However, POSIX
states that a leading or trailing :, or doubled :: in the middle of
your PATH implies `.' on your PATH.  Furthermore, when cygwin
translates your Windows %PATH% into the POSIX PATH, it
treats ; as :.  There are several Windows programs that are
rather unfriendly in how they modify %PATH% on installation,
such that you are left with trailing or duplicate ;, which is why
you might be seeing . in your PATH even though you don't
remember putting it there.

> >
> >It is even twice in my PATH, as the last entry, and just after
> >/cygdrive/c/Infoprint.
> >
> 
> '.' is typically not put in the path by default for security reasons.

On the other hand, I like having it in my PATH (okay, so I'm asking
for problems security-wise), but ONLY when it is the LAST entry,
because it saves me two characters when typing configure instead
of ./configure (on the other hand, if I were truly lazy, I'd create
'alias conf=./configure' and have even less to type without having
to put . on my PATH).  The security problem is that if . appears
before absolute directories, then if you cd to a directory where
you have a program of the same name (think ls), you invoke ./ls
instead of the intended /bin/ls.  Classic trojan horse, if you
weren't the author of ./ls.

BTW, 'find -execdir' will complain and fail if . is in your PATH, so
choose your battles.

--
Eric Blake



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/