[Novalug] Sample shell code...
Angelo Bertolli
angelo@freeshell.org
Fri Feb 23 18:20:43 EST 2007
donjr wrote:
> "Why putting ~/bin or . in your $PATH is a bad idea"
> <http://www.everything2.com/index.pl?node_id=1362450>
>
I disagree with this one. ~/bin is perfectly appropriate in my book.
Other people should not have access to your ~/bin directory. The only
reason they can give is:
"Lets assume that somehow a malicious executable got into the current
folder or into ~/bin. This could be via a security hole in your web
browser or email client, because someone accessed your machine when you
went to get a cup of coffee etc."
You're really screwed either way in that case. Forget about minor
details like whether or not something is in your ~/bin directory...
they'd just add it to your PATH for you anyway. The real danger is .
when executing in a directory that you don't know all the contents. The
reason . is dangerous is because it's ambiguous.
The debian link SEEMS to agree with me ;)
> "from an older Debian mailing list"
> <http://lists.debian.org/debian-user/2002/09/msg04694.html>
>
--
Angelo Bertolli
Please remove my email address from your post when replying
[Tech http://bitfreedom.com | Gaming http://heroesonly.com]
More information about the Novalug
mailing list