Cyril Brulebois <[EMAIL PROTECTED]> writes: > Alex Romosan <[EMAIL PROTECTED]> (12/11/2008): > >> but this seems silly. shouldn't the current directory be appended to >> the end of the system path so system modules are loaded first and then >> if they don't exist they are loaded from the current directory? > > That might be done, but I'm not very inclined to relax that sanity check > to allow “userscripts” again; I'm sorry, I kind of prefer having people > deliberately add “.” as you mentioned to having possible security holes > (not as obvious as previously, but I guess one could craft something).
i agree that having the current directory first in the path is a security risk but having it after the system paths wouldn't it mean that the system modules were loaded so there would be no security risk? --alex-- -- | I believe the moment is at hand when, by a paranoiac and active | | advance of the mind, it will be possible (simultaneously with | | automatism and other passive states) to systematize confusion | | and thus to help to discredit completely the world of reality. | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
