[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: small patch to etc/skel/dot.cshrc

To: jamesll@acm.org
Subject: Re: small patch to etc/skel/dot.cshrc
From: Chris Jepeway <jepeway@blasted-heath.com>
Date: Tue, 17 Feb 2004 18:45:54 -0500
Cc: misc@openbsd.org, eric <eric@catastrophe.net>

[ moved to misc@, perhaps presumptiously ]
> [ . in PATH ] is not a security issue, if that what you are thinking, because 
> the paths are searched in order.  all the normal binary directories are 
> listed first, so no one can slip you a trojaned 'ls' or whatever in the 
> current directory.
OK, what about "sl"?  Or "fnid"?  Or "tpcdump"?
Or, heck, what about "ethereal" if you don't
have it installed on the machine where you're
typing?

> Completely removing '.' from your path is an 
> overkill solution.  and annoying :-)
Eh, it's pretty easy to get used to ./.

I would guess, though, that the various systems that
handle crypto-signing of executables are the real fix
for the problem that banishing . from PATH tries to solve.

> james
Chris <jepeway@blasted-heath.com>.

Follow-Ups:
- Re: small patch to etc/skel/dot.cshrc
  - From: Andreas Kahari <ak+openbsd@freeshell.org>

Prev by Date: Re: list of supported hardware of 3.5 (not plus.html!)
Next by Date: Re: no colour in vt220 termcap?
Prev by thread: cross-post... sorry.
Next by thread: Re: small patch to etc/skel/dot.cshrc
Index(es):
- Date
- Thread