Subject: . in path
To: None <current-users@netbsd.org>
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
List: current-users
Date: 12/12/1994 07:45:40
Apparently, csh now produces the message
Warning: exported path contains relative components.
when running as root with . in the path. sh has, for some time,
produced a similar complaint.
Since when has it been the shell's duty to warn of possible security
problems? IMO this check belongs in /.profile and/or /.cshrc, not in
the shell itself. Should it also check every executable being run to
make sure there are no world-write directories on the path leading to
it? That's a security risk too, y'know.
der Mouse
mouse@collatz.mcrcim.mcgill.edu