> On Wed, 13 Jan 1999, Shawn Bayern wrote:
>
> > I argued for "." in the path but was shot down. :) However, I think the
> > policy will be reconsidered soon based on requests from faculty.
>
> what reasons were given against adding it?
The threat, such as it is, comes from trojan horses. Suppose . is at the
end of my path, where it usually would be. Say I run a custom program a
lot called "foo" and store it in my home directory. There's no "foo" in
the standard system paths, so things work out just fine most of the time.
But if someone knows or guesses that I like to run "foo" and also guesses
that I might change to /tmp (or some other world-writable directory) and
type "foo," he can stick his own "foo" in /tmp and wait for me to run it.
This "foo" will do whatever he wants it to, running as me, thus
compromising my account.
I don't think this threat is tangible enough to be a real problem, but I
see the argument. I think the convenience is worth the slight risk,
though. It's vastly more likely, from my point of view, that someone
sitting next to me is going to type something on my keyboard while I'm
looking away from it. :)
Shawn