> Since when has it been the shell's duty to warn of possible security
> problems?

For the same reason that gets() does, I daresay.

> IMO this check belongs in /.profile and/or /.cshrc, not in the shell
> itself.  Should it also check every executable being run to make
> sure there are no world-write directories on the path leading to it?
> That's a security risk too, y'know.

I like to consider it out friendly little quick-and-dirty check; it's
easy to do, so why not?

I would STILL like to know why dot is in the default PATH for sh, as
set in var.c; this seems like very broken behavior to me...

--
John Hawkinson
jhawk@panix.com