Path: utzoo!attcan!uunet!clyde.concordia.ca!news-server.csri.toronto.edu!rutgers!usc!zaphod.mps.ohio-state.edu!wuarchive!mit-eddie!uw-beaver!zephyr.ens.tek.com!tektronix!nosun!qiclab!onion!jeff From: jeff@onion.pdx.com (Jeff Beadles) Newsgroups: comp.unix.shell Subject: Re: crontab for ordinary users Message-ID: <1990Oct23.065611.17458@onion.pdx.com> Date: 23 Oct 90 06:56:11 GMT References: Organization: Little to none. Lines: 33 In (Frank P. Bresz) writes: ... >set path = (. ~ ~/bin $lpath /usr/local/bin /usr/ucb /usr/bin /usr/etc) ... > Now for the question (flame request) of the day. Do people in >general agree with me that .cshrc ought to not touch the path variable or >the PATH env and just inherit it? [ To directly answer your question; No ] I believe that you're doing your best to make your system vulnerable to a trojan horse attack with a brain-damaged path like this. *** DOT SHOULD NEVER BE FIRST IN YOUR PATH. *** There are security papers galore that try to beat this into people, but they just don't listen. It IS a very good idea though. Also, it could be argued that general users should not have /etc in their paths... If you MUST have dot (.) in your path, then at least put it at the very end. (ie: set path = (~ ~/bin $lpath /usr/local/bin /usr/ucb /usr/bin /usr/etc .) If you don't know why dot is bad in front of your path, send me email telling me why you need to know. :-) -Jeff -- Jeff Beadles jeff@onion.pdx.com