Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!amdcad!sun!pitstop!sundc!seismo!uunet!steinmetz!vdsvax!barnett@vdsvax.steinmetz.ge.com
From: barnett@vdsvax.steinmetz.ge.com (Bruce G. Barnett)
Newsgroups: comp.unix.questions
Subject: default search path (was HELP!!! what is wrong with this code? )
Message-ID: <5774@vdsvax.steinmetz.ge.com>
Date: 14 Oct 88 11:02:44 GMT
References: <456@mrsvr.UUCP> <8271@alice.UUCP> <561@micropen> <8681@smoke.ARPA>
Sender: barnett@vdsvax.steinmetz.ge.com
Reply-To: barnett@steinmetz.ge.com (Bruce G. Barnett)
Organization: GE Corp. R & D, Schenectady, NY
Lines: 15
In-reply-to: gwyn@smoke.ARPA (Doug Gwyn )

This reminds me of a nit I have about the Unixes we have.
The default path provided by login includes '.' first.

Advantages:
	Naive users get the proper behavior when running programs like 'test'
Disadvantages:
	By default, the user is given a path 'wide open' to Trojan horses.

IMHO I think the default nature should be more 'secure', with the
current working directory last in the search path.

Yes, we could patch every /bin/login, but that is not the point.
Do people think the vendors should change this?

--
	Bruce Barnett
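
A way to check a search path for the condition discussed in the post above, as an added example that is not part of the original post: it reports where the current working directory sits in a PATH string, counting empty entries (a leading or trailing ':' or '::') as the current directory, which is how POSIX shells treat them. The function names are hypothetical and the sample PATH values are constructed.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that resolve against the
# current working directory. Function names are hypothetical.

# Print "index kind" for every PATH entry that is not an absolute path.
# kind is "cwd" for '.', './' or an empty entry (an empty entry, from a
# leading/trailing ':' or '::', means the current directory), and
# "relative" for anything else that does not start with '/'.
path_unsafe_entries() {
    rest="$1:"            # sentinel ':' so a trailing empty entry is kept
    i=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        i=$((i + 1))
        case "$entry" in
            ''|.|./) echo "$i cwd" ;;
            /*)      ;;
            *)       echo "$i relative" ;;
        esac
    done
}

# Classify where the earliest cwd entry sits: first, middle, last or absent.
# "first" is the login default the post objects to; "last" is what it proposes.
path_cwd_position() {
    total=$(( $(printf '%s' "$1" | tr -cd ':' | wc -c) + 1 ))
    idx=$(path_unsafe_entries "$1" | awk '$2 == "cwd" { print $1; exit }')
    if [ -z "$idx" ]; then echo absent
    elif [ "$idx" -eq 1 ]; then echo first
    elif [ "$idx" -eq "$total" ]; then echo last
    else echo middle
    fi
}

# Constructed sample values, not taken from any real system.
for sample in ".:/bin:/usr/bin" "/bin:/usr/bin:." "/bin::/usr/bin" "/bin:/usr/bin"; do
    printf '%-20s -> %s\n' "$sample" "$(path_cwd_position "$sample")"
done
```

Calling `path_cwd_position "$PATH"` from a login script or an audit job gives the same classification for a live environment.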