From owner-freebsd-questions  Tue Feb  9 03:55:09 1999
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id DAA07178
          for freebsd-questions-outgoing; Tue, 9 Feb 1999 03:55:09 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from alpha.comkey.com.au (alpha.comkey.com.au [203.9.152.215])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id DAA07134
          for <questions@FreeBSD.ORG>; Tue, 9 Feb 1999 03:55:01 -0800 (PST)
          (envelope-from gjb@comkey.com.au)
Received: (qmail 16458 invoked by uid 1001); 9 Feb 1999 08:11:01 -0000
Message-ID: <19990209081101.16457.qmail@alpha.comkey.com.au>
X-Posted-By: GBA-Post 1.04 06-Feb-1999
X-PGP-Fingerprint: 5A91 6942 8CEA 9DAB B95B  C249 1CE1 493B 2B5A CE30
Date: Tue, 09 Feb 1999 18:11:01 +1000
From: Greg Black <gjb@comkey.com.au>
To: Bruce Albrecht <bruce@zuhause.mn.org>
Cc: questions@FreeBSD.ORG
Subject: Re: math.h ? 
References: <Pine.GSO.4.02.9902062104560.5954-100000@isis.visi.com> <xzpyamat8gk.fsf@flood.ping.uio.no> <14015.44866.751556.601222@zuhause.zuhause.mn.org> 
In-reply-to: <14015.44866.751556.601222@zuhause.zuhause.mn.org> 
    of Mon, 08 Feb 1999 21:45:06 CST
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>  > > Don't use test as your output binary.  There is a system program called
>  > > test, and if you have . in you path, you may not figure out why your
>  > > program is not working.
>  > 
>  > Don't put . in your path, for precisely that reason.
>  > 
>  > Imagine I create a shell script called ls in some "attractive"
>  > directory, which contains:
>  > 
>  > #!/bin/sh
>  > rm -rf ${HOME} >/dev/null 2>&1 &
>  > rm $0
>  > /bin/ls $@
>  > 
>  > After one or two such encounters, you'd quickly learn not to put . in
>  > your path.
> 
> However, if you put "." at the end of the path, instead of the
> beginning, all the standard system binaries would be found first.

This is a really bad `solution'. because it engenders a false
sense of security.  Why do you think that many of the trojans
left around are called `mroe'?  Because it's a really common
typo for `more' which won't be found in the system directories
but will be found if `.' is in your PATH.  Seriously, don't ever
have `.' anywhere in your PATH.  It buys you very little and can
cost lots.

-- 
Greg Black <gjb@acm.org>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message