firefox2
Les Mikesell
lesmikesell at gmail.com
Tue Feb 27 17:17:46 UTC 2007
Hikaru Amano wrote:
> On 2/27/07, Les Mikesell <lesmikesell at gmail.com> wrote:
>> Just about any book on computer security or best practices should cover
>> why PATH should not include your current directory. Obviously the
>> people at Microsoft didn't read them either.
>>
> Agree .. its a tradeoff between convenience and security ....
> therefore, a balanced equation :P .. something gained something loss
> ..
Yes, the convenience of not having to specify the path to the current
directory (./) on the rare occasion you'd want to do that instead of
putting your executable in a sensible place comes at the expense of
never knowing exactly what you are going to run.
--
Les Mikesell
lesmikesell at gmail.com
More information about the users
mailing list