Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!decvax!harpo!seismo!hao!hplabs!sri-unix!gwyn@brl-vld
From: gwyn@brl-vld@sri-unix.UUCP
Newsgroups: net.unix-wizards
Subject: Re:  Security and $PATH
Message-ID: <3668@sri-arpa.UUCP>
Date: Sun, 31-Jul-83 16:22:03 EDT
Article-I.D.: sri-arpa.3668
Posted: Sun Jul 31 16:22:03 1983
Date-Received: Tue, 2-Aug-83 10:00:22 EDT
Lines: 16

From:      Doug Gwyn (VLD/VMB) 

I don't see any security problem with PATH=:/bin:/usr/bin etc.
since only the user having programs with the same name as standard
utilities in his current directory would be affected.  However,
the incautious super-user could get in trouble while rummaging
around in other peoples' directories (serves him right).  At BRL
we set a different path like PATH=/etc:/bin:/usr/bin for su and
super-user sh to avoid possible problems.

It would generally be more efficient to have the system directories
first in the search $PATH, since most commands are not found in the
current directory.  Less confusing, too.

I think everybody ought to have a $PATH set in his .profile so he
can do what he wants in this regard.