Date: Thu, 19 Nov 1998 08:45:56 +1300 (NZDT) From: Jonathan Chen <jonc@pinnacle.co.nz> To: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl> Cc: freebsd-questions@FreeBSD.ORG, G578@ix.netcom.com Subject: Re: C executables Message-ID: <Pine.SCO.3.96.981119084138.13349B-100000@kiwi.pinnacle.co.nz> In-Reply-To: <XFMail.981118170452.asmodai@wxs.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 18 Nov 1998, Jeroen Ruigrok/Asmodai wrote:
> On 18-Nov-98 Jonathan Chen wrote:
> >
> > If you want to include the current directory, you'll have to modify
> > your startup script for your shell (.login/.profile/.bashrc/etc) to
> > include the current directory for PATH
>
> And by doing that ye start the slow descent into security compromise. If one
> would have . in their PATH ye are risking to faster execute maliscious code
> than by doing ./name.
It all comes down to the compromise between security and convenience.
Having the current directory in PATH as root is *ALWAYS* a bad idea,
but as a std. user is mostly fine (and very convenient) if you're
developing applications; and if you ever run a trojan (what were you
doing peeking into other people's directories?), the only person you'd
affect is yourself - system security is *not* compromised.
Jonathan Chen
----------------------------------------------------------------------
The human mind ordinarily operates at only ten percent of its capacity
-- the rest is overhead for the operating system.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SCO.3.96.981119084138.13349B-100000>