. in $path
Brent L. Bates AAD/TAB MS361 x42854
blbates at AERO4.LARC.NASA.GOV
Fri Apr 13 01:45:42 AEST 1990
Personally, I find the practice of NOT having '.' in your path,
extremely paranoid. It assumes you can't trust any of the users on
that machine. The "security hole" is that if you are in someone elses
directory and you execute what you think is a system command and that
person has a command by that name, they could cause you to do anything
they want and you wouldn't know about it. You could always make it the
last place to look by putting it at the end of the path.
If you can't trust the people you work with, who can you trust?!
--
Brent L. Bates
NASA-Langley Research Center
M.S. 361
Hampton, Virginia 23665-5225
(804) 864-2854
E-mail: blbates at aero4.larc.nasa.gov or blbates at aero2.larc.nasa.gov
More information about the Comp.sys.sgi
mailing list