Date: Thu, 19 Nov 1998 08:45:56 +1300 (NZDT) From: Jonathan Chen <jonc@pinnacle.co.nz> To: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl> Cc: freebsd-questions@FreeBSD.ORG, G578@ix.netcom.com Subject: Re: C executables Message-ID: <Pine.SCO.3.96.981119084138.13349B-100000@kiwi.pinnacle.co.nz> In-Reply-To: <XFMail.981118170452.asmodai@wxs.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 18 Nov 1998, Jeroen Ruigrok/Asmodai wrote: > On 18-Nov-98 Jonathan Chen wrote: > > > > If you want to include the current directory, you'll have to modify > > your startup script for your shell (.login/.profile/.bashrc/etc) to > > include the current directory for PATH > > And by doing that ye start the slow descent into security compromise. If one > would have . in their PATH ye are risking to faster execute maliscious code > than by doing ./name. It all comes down to the compromise between security and convenience. Having the current directory in PATH as root is *ALWAYS* a bad idea, but as a std. user is mostly fine (and very convenient) if you're developing applications; and if you ever run a trojan (what were you doing peeking into other people's directories?), the only person you'd affect is yourself - system security is *not* compromised. Jonathan Chen ---------------------------------------------------------------------- The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SCO.3.96.981119084138.13349B-100000>