/etc/profile puts current directory in path
There was a lot of discussion recently about how secure a system should be out of the box, and how this conflicts with usability. My opinion is that if you think about security when you are designing something you can often give the security people want without affecting usability. Anyway, my real point is that I have an example where better design would have made it easier for people who want security without impacting those who don't know or care. In /etc/profile is the line test "$UID" = 0 || PATH="$PATH:." and at the top is a warning in big letters not to edit /etc/profile. Now I really hate having dot in the path, whether I am root or not. It is insecure, and also confusing (many times I have seen puzzled students trying to run a program they have named 'test'). But I appreciate that many other people like having dot in the path and get upset if it isn't there. The current setup provides no simple way to cater for my needs. I had to write a script to remove dot from the path (putting a hard-coded path in .profile is also evil because it will become obsolete if the path in /etc/profile is changed). A much better approach is for /etc/profile to have the secure setting and to put the optional adding of dot in the skeleton ~/.profile . A configuration option could select whether the default .profile does or does not add the dot. Or if adding a configuration option is too hard then just put good comments in .profile . Regards, Bob ============================================================== Bob Vickers R.Vickers@dcs.rhbnc.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhbnc.ac.uk/home/bobv Phone: +44 1784 443691
On Fri, 8 Sep 2000, Bob Vickers wrote:
insecure, and also confusing (many times I have seen puzzled students trying to run a program they have named 'test'). But I appreciate that
Yes, I agree! It should be preferable, that every user has its own $HOME/bin and Makefiles with lines like "cp $@ $(HOME)/bin" ... With $HOME/bin in the beginning of the PATH, it should be fine for running "test"-programms ;) Cheers, Peter -- Peter Münster http://w3pm.stormloader.com/ *** Sign now: http://petition.eurolinux.org/ ***
participants (2)
-
Bob Vickers
-
Peter Münster