[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: small patch to etc/skel/dot.cshrc
[ moved to misc@, perhaps presumptiously ]
> [ . in PATH ] is not a security issue, if that what you are thinking, because
> the paths are searched in order. all the normal binary directories are
> listed first, so no one can slip you a trojaned 'ls' or whatever in the
> current directory.
OK, what about "sl"? Or "fnid"? Or "tpcdump"?
Or, heck, what about "ethereal" if you don't
have it installed on the machine where you're
> Completely removing '.' from your path is an
> overkill solution. and annoying :-)
Eh, it's pretty easy to get used to ./.
I would guess, though, that the various systems that
handle crypto-signing of executables are the real fix
for the problem that banishing . from PATH tries to solve.