This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

RE: Sould . (current dir) be in the PATH

From: "Dave Korn" <dave dot korn at artimi dot com>
To: <cygwin at cygwin dot com>
Date: Thu, 15 Sep 2005 18:42:12 +0100
Subject: RE: Sould . (current dir) be in the PATH

----Original Message----
>From: Tino.Engel@infineon.com
>Sent: 15 September 2005 18:35

> Hi,
> 
> '.' is not in the PATH due to security reasons on most business setups.
> I do not know if this is due to security against external threads or the
> user himself...


  Both, kind of.

  Imagine what would happen if

1)  The root user has '.' in $PATH
2)  The root user wants to see what files are in /tmp, so issues the
commands
   cd /tmp
   ls
3)  Ten minutes earlier, some other user ran
   echo "rm -rf / &" >/tmp/ls ; chmod a+x /tmp/ls

  Not having '.' in your $PATH means that when you run ls, you always get
the real ls.  (Assuming you haven't given world write perms to /bin).

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: Sould . (current dir) be in the PATH
  - From: J. David Boyd

References:
- RE: Sould . (current dir) be in the PATH
  - From: Tino.Engel

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]