This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Sould . (current dir) be in the PATH


"Dave Korn" <dave.korn@artimi.com> writes:

> ----Original Message----
>>From: Tino.Engel@infineon.com
>>Sent: 15 September 2005 18:35
>
>> Hi,
>> 
>> '.' is not in the PATH due to security reasons on most business setups.
>> I do not know if this is due to security against external threads or the
>> user himself...
>
>
>   Both, kind of.
>
>   Imagine what would happen if
>
> 1)  The root user has '.' in $PATH
> 2)  The root user wants to see what files are in /tmp, so issues the
> commands
>    cd /tmp
>    ls
> 3)  Ten minutes earlier, some other user ran
>    echo "rm -rf / &" >/tmp/ls ; chmod a+x /tmp/ls
>
>   Not having '.' in your $PATH means that when you run ls, you always get
> the real ls.  (Assuming you haven't given world write perms to /bin).
>

Sure, a totally valid point on Unix or Linux.  But on most cygwin installs
that I know of, there is only one user, and if that user (me, for instance),
did something that stupid, oh well...



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]