Jim Meyering wrote:
>> PATH is a personal preference. Many people set it like I do. Don't expect
>> that PATH is set like you prefer it.
>
> I'd argue that few people put "." anywhere in PATH, since
> doing so constitutes a well-known security risk.
> I'm surprised that you would put "." before directories like /usr/bin.

I suppose one should point out, at this juncture, that default installations of OpenBSD have "." at the end of their definition for PATH, in non-root accounts. Apparently, their rationale is that it's "not too bad", and is better to do it a semi-okay way themselves in a default install, than to let users do it themselves, running the risk that they uncluefully PLACE IT AT THE FRONT.

I don't write this to invite flames or discussion on whether OpenBSD's practice (or Bruno's) is an advisable one, or to encourage a debate on whether . should be in the PATH at all. But, when a set of developers who have a reputation for being "secure by default" opt for a default configuration that is traditionally considered by many to be less-than-secure, for the concern that some people might do something that pretty much _everyone_ believes is insecure, it would seem very, very advisable to avoid the latter.

See the OpenBSD thread at http://article.gmane.org/gmane.os.openbsd.misc/100581

Again, I'm not trying to start a flamewar here; if you read the thread there and still feel that your practice is safe, no need to argue the point here. And I'll concede that the issue is much less serious for people who are the sole user on the system in question. I just wanted to point out that, AFAICT, there's no pros, and significant cons, to placing "." at the head of PATH.

-- 
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer...
http://micah.cowan.name/

Bug-coreutils mailing list
http://lists.gnu.org/mailman/listinfo/bug-coreutils
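An added example, not part of the original message: a POSIX shell check that classifies cwd-relative PATH entries by whether they come before an absolute directory (the head-of-PATH case discussed above) or only after all of them (the end-of-PATH default described for OpenBSD). The function names `audit_path` and `path_verdict` and the sample PATH strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report PATH entries that resolve against the current directory.
# An entry is cwd-relative if it is empty (leading, trailing or doubled ':'),
# is ".", or is any other path that does not start with "/".

# audit_path PATHSTRING
# Prints one line per cwd-relative entry: "<severity> <position> <entry>".
#   shadows  - an absolute directory follows, so a file in the current
#              directory is found before commands in that directory
#   fallback - no absolute directory follows (the "." at the end case)
audit_path() {
    rest="$1:"          # sentinel ':' so a trailing empty entry is seen
    pos=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        case $entry in
            /*) continue ;;             # absolute: not cwd-relative
        esac
        case ":$rest" in
            *:/*) severity=shadows ;;   # some later entry is absolute
            *)    severity=fallback ;;
        esac
        [ -n "$entry" ] || entry='(empty)'
        printf '%s %s %s\n' "$severity" "$pos" "$entry"
    done
}

# path_verdict PATHSTRING
# Prints the worst finding: "shadows", "fallback" or "clean".
path_verdict() {
    findings=$(audit_path "$1")
    if printf '%s\n' "$findings" | grep -q '^shadows '; then echo shadows
    elif [ -n "$findings" ]; then echo fallback
    else echo clean
    fi
}

# Constructed sample values, not taken from any real account.
for sample in ".:/usr/bin:/bin" "/usr/bin:/bin:." "/usr/local/bin::/usr/bin" "/usr/bin:/bin"; do
    printf '%-28s %s\n' "$sample" "$(path_verdict "$sample")"
done
```

Running `audit_path "$PATH"` in a login shell shows which of these cases, if any, applies to the current account.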
