On Do, 18 Dez 2025, Chainsaw wrote:
> The PATH variable does not matter for an executable if you are in the > directory of the executable, or using the absolute path. When a command is > issued at the CMD prompt, the Operating System will first look for an > executable file in the current folder, if not found it will scan %PATH% to Which is a huge security issue by itself. There is a reason why almost no other shell behaves like this and even powershell did not inherit this behavior. In fact MS introduced the $NoDefaultCurrentDirectoryInExePath environment variable to enable customers to disable this behaviour. And Vim does set this environment variable since patch 9.1.1947 (see https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834 for the reasoning). I'd recommend not to rely on that behavior (e.g. what happens if you have a malicious dir.cmd in your current directory)? In any case, I suppose you could disable this behavior by unsetting $NoDefaultCurrentDirectoryInExePath from your environment, like: set NoDefaultCurrentDirectoryInExePath= > (I do consider this a bug because I should not have to include current > directory in path). Well, I don't :) Thanks, Chris -- And in the heartbreak years that lie ahead, Be true to yourself and the Grateful Dead. -- Joan Baez -- -- You received this message from the "vim_use" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_use" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/vim_use/aUQiJEqE/Ml4mf9t%40256bit.org.
