firefox2

Les Mikesell lesmikesell at gmail.com
Tue Feb 27 17:17:46 UTC 2007


Hikaru Amano wrote:
> On 2/27/07, Les Mikesell <lesmikesell at gmail.com> wrote:
>> Just about any book on computer security or best practices should cover
>> why PATH should not include your current directory.  Obviously the
>> people at Microsoft didn't read them either.
>>
> Agree  .. its a tradeoff between convenience and security ....
> therefore, a balanced equation :P .. something gained something loss
> ..

Yes, the convenience of not having to specify the path to the current 
directory (./) on the rare occasion you'd want to do that instead of 
putting your executable in a sensible place comes at the expense of 
never knowing exactly what you are going to run.

-- 
  Les Mikesell
   lesmikesell at gmail.com




More information about the users mailing list