[Novalug] Sample shell code...

Angelo Bertolli angelo@freeshell.org
Fri Feb 23 18:20:43 EST 2007


donjr wrote:
>  "Why putting ~/bin or . in your $PATH is a bad idea"
> <http://www.everything2.com/index.pl?node_id=1362450>
>   

I disagree with this one.  ~/bin is perfectly appropriate in my book. 
Other people should not have access to your ~/bin directory.  The only
reason they can give is:

"Lets assume that somehow a malicious executable got into the current
folder or into ~/bin.  This could be via a security hole in your web
browser or email client, because someone accessed your machine when you
went to get a cup of coffee etc."

You're really screwed either way in that case.  Forget about minor
details like whether or not something is in your ~/bin directory...
they'd just add it to your PATH for you anyway.  The real danger is .
when executing in a directory that you don't know all the contents.  The
reason . is dangerous is because it's ambiguous.

The debian link SEEMS to agree with me ;)

>  "from an older Debian mailing list"
>  <http://lists.debian.org/debian-user/2002/09/msg04694.html>
>   

-- 
Angelo Bertolli
Please remove my email address from your post when replying
[Tech http://bitfreedom.com | Gaming http://heroesonly.com]




More information about the Novalug mailing list