[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X



Re: Re: Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X [Steve Kemp <skx@debian.org>, Mon, Sep 15, 2003 at 04:21:39PM +0100, <20030915152139.GA30433@steve.org.uk>]
> > $PATH is almost always trusted; the exception is setuid programs which
> > should sanitize PATH.  xspringies is not setuid, is it?
> 
>   It is not setuid/setgid no, but I still think it's best to not trust
>  the PATH - sure it's not critical, but it's a good think "just in
>  case".

I like to use $PATH with ~/bin at the beginning to allow me to put
wrappers around programs. For example I could have a shell script
~/bin/gzip that calls the real gzip after doing some stuff:

$!/bin/sh
echo "Compressing $1" >> ~/log/gzip.log
exec /usr/bin/gzip "$@"

It doesn't make much sense in this example, but I'd find it rather
annoying if packages would have hardcoded paths compiled in.

Some weeks ago there was a discussion whether mutt should call
/usr/bin/gpg rather than gpg because "gpg was security critical". I have
a ~/bin/gpg that calls a agent-enabled version of gpg, which makes
perfectly sense.

Christoph
-- 
Christoph Berg <cb@df7cb.de>, http://www.df7cb.de/
Wohnheim D, 2405, Universität des Saarlandes, 0681/9657944

Attachment: pgp15cdIDKL7x.pgp
Description: PGP signature


Reply to: