On 2025-12-18 10:47 am, Christian Brabandt wrote:
On Do, 18 Dez 2025, Chainsaw wrote:

The PATH variable does not matter for an executable if you are in the
directory of the executable, or using the absolute path. When a command is
issued at the CMD prompt, the Operating System will first look for an
executable file in the current folder, if not found it will scan %PATH% to

Which is a huge security issue by itself. There is a reason why almost
no other shell behaves like this and even PowerShell did not inherit
this behavior. In fact MS introduced the
$NoDefaultCurrentDirectoryInExePath environment variable to enable
customers to disable this behaviour.

And Vim does set this environment variable since patch 9.1.1947 (see
https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834 for
the reasoning).

I'd recommend not to rely on that behavior (e.g. what happens if you
have a malicious dir.cmd in your current directory)?

In any case, I suppose you could disable this behavior by unsetting
$NoDefaultCurrentDirectoryInExePath from your environment, like:
set NoDefaultCurrentDirectoryInExePath=

(I do consider this a bug because I should not have to include current
directory in path).

Well, I don't :)

Thanks,
Chris
--
And in the heartbreak years that lie ahead,
Be true to yourself and the Grateful Dead.
                -- Joan Baez

--
Chris,

Thanks for the info. Sorry for calling it a bug, it was the sudden change in Vim's behavior that threw me off. I download the updates daily and do read the description of changes, but 9.1.1947 happened right at the time I was switching over to a new Windows 11 machine, which is why I never saw this in Win10, and associated it with a Vim Win11 problem. Guess I spoke too soon.

I do like the option to set NoDefaultCurrentDirectoryInExePath, however a malicious executable could also be anywhere in your PATH, and so many programs/scripts rely on the OS to search the current directory first. This is one of those 'fixes' that has pros and cons.

Thanks again for everyone's help, and thank you Chris and your team for keeping Vim alive.

Chainsaw
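
The search order discussed in this thread, as an added example that is not part of either message and is not Vim's code: a simplified Python model of how a bare command name is resolved with and without NoDefaultCurrentDirectoryInExePath, plus a check for current-directory files that shadow a PATH entry. The function names, the tool.cmd/tool.exe layout and the fixed extension list are assumptions constructed for illustration.

```python
import os
import tempfile

ENV_VAR = "NoDefaultCurrentDirectoryInExePath"
PATHEXT = (".COM", ".EXE", ".BAT", ".CMD")  # assumed subset of %PATHEXT%

def search_dirs(cwd, path_dirs, env):
    """Directories tried, in order, for a bare command name (simplified model)."""
    # Windows checks only that the variable exists, not its value;
    # environment variable names are case-insensitive.
    disabled = ENV_VAR.upper() in {k.upper() for k in env}
    return list(path_dirs) if disabled else [cwd, *path_dirs]

def resolve(name, cwd, path_dirs, env):
    """Return the first file that would run for `name`, or None."""
    for d in search_dirs(cwd, path_dirs, env):
        files = {f.upper(): f for f in os.listdir(d)}
        for ext in PATHEXT:
            hit = files.get((name + ext).upper())
            if hit:
                return os.path.join(d, hit)
    return None

def shadowing_files(cwd, path_dirs):
    """Runnable files in cwd whose base name also exists on PATH."""
    on_path = set()
    for d in path_dirs:
        for f in os.listdir(d):
            base, ext = os.path.splitext(f)
            if ext.upper() in PATHEXT:
                on_path.add(base.upper())
    found = []
    for f in os.listdir(cwd):
        base, ext = os.path.splitext(f)
        if ext.upper() in PATHEXT and base.upper() in on_path:
            found.append(f)
    return sorted(found)

def demo():
    """Constructed layout: project/tool.cmd in cwd, bin/tool.exe on PATH."""
    root = tempfile.mkdtemp()
    cwd, bindir = os.path.join(root, "project"), os.path.join(root, "bin")
    os.makedirs(cwd)
    os.makedirs(bindir)
    open(os.path.join(cwd, "tool.cmd"), "w").close()
    open(os.path.join(bindir, "tool.exe"), "w").close()
    default = resolve("tool", cwd, [bindir], env={})
    hardened = resolve("tool", cwd, [bindir], env={ENV_VAR: "1"})
    return default, hardened, shadowing_files(cwd, [bindir])
```

With the variable absent the model picks project/tool.cmd; with it present (any value) it picks bin/tool.exe, and shadowing_files reports tool.cmd as the file worth reviewing.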

--
You received this message from the "vim_use" maillist.