Subject: Re: . in path
To: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
From: John Hawkinson <jhawk@panix.com>
List: current-users
Date: 12/12/1994 11:25:31
> Since when has it been the shell's duty to warn of possible security
> problems?
For the same reason that gets() does, I daresay.
> IMO this check belongs in /.profile and/or /.cshrc, not in the shell
> itself. Should it also check every executable being run to make
> sure there are no world-write directories on the path leading to it?
> That's a security risk too, y'know.
I like to consider it out friendly little quick-and-dirty check; it's
easy to do, so why not?
I would STILL like to know why dot is in the default PATH for sh, as
set in var.c; this seems like very broken behavior to me...
--
John Hawkinson
jhawk@panix.com