Re: [vulture@aoi.dyndns.org: Bug#100744: Binary should be in /usr/bin, since it's useful to non-admins.]
bryan@visi.com wrote:
>Sami Haahtinen wrote:
>> i remember a same kind of discussion on traceroute package itself (Bug:
>> #64718), and according to that, the only reason to keep traceroute in
>> /usr/sbin is that it will break scripts which have full paths (i wonder
>> why)
>
>Fixed paths are used in scripts for security reasons. This way the
>expected program is run rather than a trojan or some other program
>with the same name. This assumes the program in the normal posisiton
>is the real one. :-)
That's no reason at all.
PATH=/usr/sbin:/sbin:/usr/bin:/bin
traceroute foo
If you want to avoid random programs you didn't know about being
executed, you have to set your path anyway; that's unless you're one of
the rare people who writes in pure shell with no external programs
involved. Security is a red herring here.
>traceroute was placed in /usr/sbin long before more rigid standards
>for program placement were adopted. So its' placement is an artefact
>of older looser program placement rules.
Once upon a time, lots of binaries were in /etc.
--
Colin Watson [cjw44@flatline.org.uk]
Reply to: