> > The PATH variable does not matter for an executable if you are in
> > the directory of the executable, or using the absolute path. When a
> > command is issued at the CMD prompt, the Operating System will first
> > look for an executable file in the current folder, if not found it
> > will scan %PATH% to
>
> Which is a huge security issue by itself. There is a reason why
> almost no other shell behaves like this and even powershell
> did not inherit this behavior. In fact MS introduced the
> $NoDefaultCurrentDirectoryInExePath environment variable to enable
> customers to disable this behaviour.
>
> > (I do consider this a bug because I should not have to include
> > current directory in path).
>
> Well, I don't :)
>
> Thanks, Chris
For a bit of context, Windows/DOS had a lot of built-in commands, such
as the previously-mentioned 'dir' and 'copy', 'del', etc. On Linux/Unix,
on the other hand, almost everything is a separate executable ('ls',
'cp', 'rm', to name three equivalents). So, in Linux, as root, you could
go into a user's subdirectory to look around and type 'ls' to see the
contents. The user, if malicious, could have created a simple shell
script or other executable executable file named 'ls' that did something
nasty ('rm -rf /' comes to mind), and when you typed 'ls', it would run
that file instead and not the /bin/ls you were hoping for. Consequently,
it would be disastrous to have the CURRENT directory in the PATH (after
all, you're probably in another user's home because you have been given
some reason to look around).
Windows is basically catching up a bit. This is definitely not a bug,
it's a security feature, albeit one that breaks backward compatibility
for Windows users.
Salman
--
--
You received this message from the "vim_use" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_use" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/vim_use/CANuxnEeDDpcsGYebRGBMNhD7tUrk53Hnb9uEmVYYsFY03Gz5tQ%40mail.gmail.com.
