On 15.08.2014 10:57, Ondřej Surý wrote:
Hi Zlatko,
I will fix that in git, but having "." in $PATH (especially for root
user)
is a very bad bad practice and really should be avoided due security
reasons.
No, it's not. It's a bad practice ONLY if some requirements are met,
which has not been the case here, for a long time.
Imagine someone dropping a malware binary in /tmp ...
That someone already has a root password, so it's easier for him to use
it than to drop malware and wait for me to step on it. ;)
The point being of course, dot in the PATH is dangerous ONLY if you are
on a multiuser machine where there are people with shell access who you
can't trust. I haven't seen such machine in decades, and of course I'll
remember to remove the all-dangerous dot from the PATH then. In the
meantime, my boxes are so much friendlier with the dot included. :)
Thanks for quick response!
--
Zlatko
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
