Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!AERO4.LARC.NASA.GOV!blbates
From: blbates@AERO4.LARC.NASA.GOV ("Brent L. Bates AAD/TAB MS361 x42854")
Newsgroups: comp.sys.sgi
Subject: Re:  . in $path
Message-ID: <9004121745.AA01073@aero4.larc.nasa.gov>
Date: 12 Apr 90 15:45:42 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 17


    Personally, I find the practice of NOT having '.' in your path,
extremely paranoid.  It assumes you can't trust any of the users on
that machine.  The "security hole" is that if you are in someone elses
directory and you execute what you think is a system command and that
person has a command by that name, they could cause you to do anything
they want and you wouldn't know about it.  You could always make it the
last place to look by putting it at the end of the path.
    If you can't trust the people you work with, who can you trust?!
--

	Brent L. Bates
	NASA-Langley Research Center
	M.S. 361
	Hampton, Virginia  23665-5225
	(804) 864-2854
	E-mail: blbates@aero4.larc.nasa.gov or blbates@aero2.larc.nasa.gov