From owner-freebsd-arch  Thu Jun 29 12: 6:10 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from dt052n3e.san.rr.com (dt052n3e.san.rr.com [204.210.33.62])
	by hub.freebsd.org (Postfix) with ESMTP id CC6AD37BFBC
	for <arch@FreeBSD.ORG>; Thu, 29 Jun 2000 12:06:03 -0700 (PDT)
	(envelope-from Doug@gorean.org)
Received: from slave (doug@slave [10.0.0.1])
	by dt052n3e.san.rr.com (8.9.3/8.9.3) with ESMTP id MAA07896;
	Thu, 29 Jun 2000 12:05:25 -0700 (PDT)
	(envelope-from Doug@gorean.org)
Date: Thu, 29 Jun 2000 12:05:25 -0700 (PDT)
From: Doug Barton <Doug@gorean.org>
X-Sender: doug@dt052n3e.san.rr.com
To: John Hay <jhay@mikom.csir.co.za>
Cc: Sheldon Hearn <sheldonh@uunet.co.za>, arch@FreeBSD.ORG
Subject: Re: mergemaster: Change in description of envar handling
In-Reply-To: <200006291832.e5TIWTW63381@zibbi.mikom.csir.co.za>
Message-ID: <Pine.BSF.4.21.0006291200110.7874-100000@dt052n3e.san.rr.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 29 Jun 2000, John Hay wrote:

> > 
> > 	No. I already conceded part of this point a while back when I developed
> > the .mergemasterrc mechanism so that people could specify their own PATH
> > (among other things), so there is already a way out of this for those
> > who are not interested in specifying the full path to their PAGER. I'm
> > definitely not going to support a text change which moves away from
> > encouraging "best practice." 
> 
> Can you tell me why it is good practise to use full paths for environment
> variables, because I don't understand it.

	Essentially, it's the same argument as not putting '.' in the
PATH. Are there bigger, more important security holes to worry
about? Absolutely. That doesn't mean that doing what you can to improve
security isn't worthwhile. 

	In any case, this is a very small issue, and it's not central to
what mergemaster does, or how it does it. If you don't agree, that's ok
with me, my feelings won't be hurt. I've already agreed to expand that
"advisory" to make it more clear. 

	Man... you'd think I was asking people to jam hot needles in their
eyes....

-- 
        "Live free or die"
		- State motto of my ancestral homeland, New Hampshire

	Do YOU Yahoo!?




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message