Re: Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X
On Mon, Sep 15, 2003 at 03:47:42PM +0100, Steve Kemp wrote:
> On Mon, Sep 15, 2003 at 10:45:48AM -0400, Matt Zimmerman wrote:
> > > +#define COMPRESS "/bin/gzip"
> > > +#define UNCOMPRESS "/bin/gunzip -c"
> > I've never been a proponent of hardcoding paths to programs. This will
> > immediately make the program non-portable to basically any non-GNU type
> > system, and doesn't provide any significant benefit (/bin is in PATH).
> I'm not terribly keen on it myself, but I do think that it's safer
> than trusting a potentially malicious $PATH setting.
$PATH is almost always trusted; the exception is setuid programs which
should sanitize PATH. xspringies is not setuid, is it?