On Sat, Sep 28, 2002 at 05:44:58PM +1000, Russell wrote:
> Colin Watson wrote:
> > I think a more sensible rule is to only put directories in $PATH that
> > are at least as trusted as the relevant account. Thus, /usr/bin and so
> > on are always fine, ~/bin is only fine for the owning user, and . is
> > never a good idea.
>
> Why is ./ in the path bad? If someone hacked in, couldn't they
> set the path to anything they wanted?

Unlike ~/bin, the current directory is not always under your control. If
you put . in $PATH, then 'cd /tmp; ls' is no longer safe. The current
directory is potentially in a different security domain, and should be
treated accordingly. ~/bin is in your own security domain, so there is
no need to worry about using it.

--
Colin Watson [[EMAIL PROTECTED]]
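
The rule discussed in this thread, as an added example that is not part of the original messages: a POSIX shell function that flags $PATH entries which are not at least as trusted as the calling account. The name `audit_path`, the policy that only root and the calling user are trusted owners, the treatment of group-writable directories as unsafe, and the sample PATH string are assumptions made for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING  (added example; hypothetical helper name)
# Flags every entry that is not at least as trusted as the calling account.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
# Only the directory itself is inspected, not its parent directories.
audit_path() {
    ap_findings=0
    ap_me=$(id -u)
    ap_rest="$1:"          # trailing ':' keeps a final empty entry visible
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}
        ap_rest=${ap_rest#*:}
        case $ap_entry in
            '') echo "UNSAFE: empty entry (the shell reads it as the current directory)"
                ap_findings=1; continue ;;
            /*) ;;
            *)  echo "UNSAFE: '$ap_entry' is relative to the current directory"
                ap_findings=1; continue ;;
        esac
        # -L follows symlinks (e.g. /bin -> usr/bin); -n prints the numeric owner.
        ap_info=$(ls -ldnL "$ap_entry" 2>/dev/null) || continue
        ap_mode=${ap_info%% *}
        ap_owner=$(printf '%s\n' "$ap_info" | awk '{print $3}')
        # Assumption: root and the calling user are the only trusted owners.
        if [ "$ap_owner" != 0 ] && [ "$ap_owner" != "$ap_me" ]; then
            echo "UNSAFE: '$ap_entry' is owned by uid $ap_owner"
            ap_findings=1
        fi
        # Mode string: char 6 is group write, char 9 is other write.
        # Assumption: group members count as a different security domain.
        case $ap_mode in
            ????????w*) echo "UNSAFE: '$ap_entry' is writable by everyone"
                        ap_findings=1 ;;
            ?????w*)    echo "UNSAFE: '$ap_entry' is writable by its group"
                        ap_findings=1 ;;
        esac
    done
    return "$ap_findings"
}

# Constructed sample PATH: a system directory, '.', /tmp, and a trailing ':'.
audit_path "/usr/bin:.:/tmp:" || echo "PATH contains entries outside your security domain"
```

Run it against your own environment with `audit_path "$PATH"`; a leading, trailing or doubled colon is reported the same way as an explicit `.` because the shell searches the current directory for both.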