Sould . (current dir) be in the PATH

Eric Blake ericblake@comcast.net
Thu Sep 15 18:56:00 GMT 2005


> At 11:10 AM 9/15/2005, you wrote:
> >Hi,
> >
> >I just discovered that . (current directory) is in my PATH. I installed
> >cygwin on my new laptop some weeks ago. I don't think . was in my PATH on
> >my old PC. First I thought it came from my windows PATH, but it does not.
> >
> >Is . normally in the PATH (it was not on a few solaris systems I just
> >checked, but that does not prove anything).

On Windows, . is always in your path (stupid, but true).

In POSIX, . is only in PATH if you put it there.  However, POSIX
states that a leading or trailing :, or doubled :: in the middle of
your PATH implies `.' on your PATH.  Furthermore, when cygwin
translates your Windows %PATH% into the POSIX PATH, it
treats ; as :.  There are several Windows programs that are
rather unfriendly in how they modify %PATH% on installation,
such that you are left with trailing or duplicate ;, which is why
you might be seeing . in your PATH even though you don't
remember putting it there.

> >
> >It is even twice in my PATH, as the last entry, and just after
> >/cygdrive/c/Infoprint.
> >
> 
> '.' is typically not put in the path by default for security reasons.

On the other hand, I like having it in my PATH (okay, so I'm asking
for problems security-wise), but ONLY when it is the LAST entry,
because it saves me two characters when typing configure instead
of ./configure (on the other hand, if I were truly lazy, I'd create
'alias conf=./configure' and have even less to type without having
to put . on my PATH).  The security problem is that if . appears
before absolute directories, then if you cd to a directory where
you have a program of the same name (think ls), you invoke ./ls
instead of the intended /bin/ls.  Classic trojan horse, if you
weren't the author of ./ls.

BTW, 'find -execdir' will complain and fail if . is in your PATH, so
choose your battles.

--
Eric Blake



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list