Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!decvax!harpo!seismo!hao!hplabs!sri-unix!gwyn@brl-vld From: gwyn@brl-vld@sri-unix.UUCP Newsgroups: net.unix-wizards Subject: Re: Security and $PATH Message-ID: <3668@sri-arpa.UUCP> Date: Sun, 31-Jul-83 16:22:03 EDT Article-I.D.: sri-arpa.3668 Posted: Sun Jul 31 16:22:03 1983 Date-Received: Tue, 2-Aug-83 10:00:22 EDT Lines: 16 From: Doug Gwyn (VLD/VMB)I don't see any security problem with PATH=:/bin:/usr/bin etc. since only the user having programs with the same name as standard utilities in his current directory would be affected. However, the incautious super-user could get in trouble while rummaging around in other peoples' directories (serves him right). At BRL we set a different path like PATH=/etc:/bin:/usr/bin for su and super-user sh to avoid possible problems. It would generally be more efficient to have the system directories first in the search $PATH, since most commands are not found in the current directory. Less confusing, too. I think everybody ought to have a $PATH set in his .profile so he can do what he wants in this regard.