[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: [LI] c compiler



WHY keep known security holes open? There is no necessity  for all common
programs to be in your path. Normally users do not have access to /usr/sbin,
/sbin. /bin through the path. Any programs they need to execute , from
there, need to have absolute paths defined. I spoke of ls as an example only
as the most commonly used command.How about traceroute , nslookup etc. which
are in /sbin , or in /usr/sbin . One normally uses absolute paths ONLY when
the current path fails to turn up the required command. I normally do a
traceroute before any big download and select a mirror based on that as well
as on traffic. ( try a flood ping but VERRRRRY carefully). Again , even for
common programs in /usr etc , there is no necessity for all packages to
exist. I *STRONGLY* disagree with Atul Chitnis in the matter of choosing
everything for an install. Wherever T have installed Linux or even at home,
I grab the sources and compile it for the target machine( that includes
glibc 2.1.2). I do not see any sense in stuffing a machine full of packages
which most users might never need or very rarely use.Linux distributions are
rapidly approaching Bloatware proportions, more commonly found on windows
machines. Again when you have the option of being able to use a program
which can be optimised to the last ounce in your machine( everything gets
compiled for the 486 by default nowadays, earlier ,  it was a 386, for Intel
and forget even that for an alpha, god knows what the default is!!!), do it
! At least recompile bzip2 and the ziputils. I got a 25% - 60% difference in
speed when I recompiled them with -march=i686 and -O6. In such a situation ,
keeping the current directory in the path is nothing short of suicidal
 remember While Linux is being promoted as a desktop solution, it is best as
a server , *and* see what students can come up with when it is a server in a
lab).
SHanker

----- Original Message -----
From: S.V.N.Vishwanathan <vishy@xxxxxxxxxxxxxxxxx>
To: Linux India Mailing List <linux-india@xxxxxxxxxxxxxxxxxxxxx>
Sent: Saturday, November 13, 1999 1:30 PM
Subject: Re: [LI] c compiler


> <snip>
> >The current directory is never put in the PATH variable by default for
> >reasons of security .... I wonder is it correct to add it to the path for
> >convenience alone??
> <snip>
>
> <snip>
> >just set your PATH varaiable to include the Present Working Directory
i.e.
> <snip>
>
> I think its a good idea to put the PWD at the end of the PATH variable.
> Consider the security hole to which someone had refered to earlier.
> if say there is a malicious program called ls in your PWD. If you type ls
> at the prompt the ls command (i.e /bin/ls) will still be executed as
> opposed to the ls (i.e. ./ls) in your PWD. This is because the PWD occurs
> later in the path as opposed to /bin and the PATH is searched serially.
> cheers
> -vishy
>
>
> --------------------------------------------------------------------
> The Linux India Mailing List Archives are now available.  Please search
> the archive at http://lists.linux-india.org/ before posting your question
> to avoid repetition and save bandwidth.
>
--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.