Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com To: cygwin AT cygwin DOT com From: david AT adboyd DOT com (J. David Boyd) Subject: Re: Sould . (current dir) be in the PATH Date: Thu, 15 Sep 2005 14:59:21 -0400 Lines: 33 Message-ID: References: <5629C3F943FB7F42BF6DBB5DAAC5610201DC493D AT mucse204 DOT muc DOT infineon DOT com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) X-IsSubscribed: yes "Dave Korn" writes: > ----Original Message---- >>From: Tino DOT Engel AT infineon DOT com >>Sent: 15 September 2005 18:35 > >> Hi, >> >> '.' is not in the PATH due to security reasons on most business setups. >> I do not know if this is due to security against external threads or the >> user himself... > > > Both, kind of. > > Imagine what would happen if > > 1) The root user has '.' in $PATH > 2) The root user wants to see what files are in /tmp, so issues the > commands > cd /tmp > ls > 3) Ten minutes earlier, some other user ran > echo "rm -rf / &" >/tmp/ls ; chmod a+x /tmp/ls > > Not having '.' in your $PATH means that when you run ls, you always get > the real ls. (Assuming you haven't given world write perms to /bin). > Sure, a totally valid point on Unix or Linux. But on most cygwin installs that I know of, there is only one user, and if that user (me, for instance), did something that stupid, oh well... -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/