[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: To "." or not to "."?

To: "anonymous" <vcharlie@mindspring.com>
Subject: Re: To "." or not to "."?
From: Theo de Raadt <deraadt@cvs.openbsd.org>
Date: Sun, 12 Jan 2003 20:55:17 -0700
Cc: misc@openbsd.org

User expectation reality does not let us remove it.  This will not be
changed.

> Hi,
> 
> 1)  I am wondering why in the OpenBSD 3.2 default user .profile path
> statement, the current directory (".") is:
> 
>  . . . :/usr/games:/usr/X11R6/bin.                         (with a "." at
> the end, after "bin", with no space in between).
> 
> If the "." is just to add the current directory to the path statement,
> shouldn't there be a colon (":") before the ".", like there is in front of
> the other directories in the path statement?  Like this:
> 
>  . . . :/usr/games:/usr/X11R6/bin:.                         (with a "." at
> the end, after ":bin", with no spaces in between).
> 
> 
> 2)  If the "." is removed, I guess this means that the shell can not run an
> executable file that is in the current directory (when not in the path
> statement) unless it is explicitly called, as in:
> 
> ./<program_name>
> 
> I have been told that "." may be in the path statement just to include the
> current directory to the path, and that  "Most people find that to be bad
> form. It lets your shell, and any program run from it, run any executable
> where it can get to its directory. I would suggest taking that out for
> security's sake."  Is that correct?  If so, since OpenBSD is designed to be
> "secure by default",  shouldn't the "." be absent from the path statement by
> default?
> 
> ?

Follow-Ups:
- Re: To "." or not to "."?
  - From: "anonymous" <vcharlie@mindspring.com>

References:
- To "." or not to "."?
  - From: "anonymous" <vcharlie@mindspring.com>

Prev by Date: To "." or not to "."?
Next by Date: Re: To "." or not to "."?
Prev by thread: To "." or not to "."?
Next by thread: Re: To "." or not to "."?
Index(es):
- Date
- Thread