Re: question on having . as LOAD_PATH (ruby)

To: debian-security@lists.debian.org
Subject: Re: question on having . as LOAD_PATH (ruby)
From: Stephen Gran <sgran@debian.org>
Date: Fri, 6 Jan 2006 15:29:18 +0000
Message-id: <[🔎] 20060106152918.GA30615@www.lobefin.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 87zmm9l7to.dancerj%dancer@netfort.gr.jp>
References: <[🔎] 87zmm9l7to.dancerj%dancer@netfort.gr.jp>

This one time, at band camp, Junichi Uekawa said:
> Hi,
> 
> I am wondering what the security implications of having a LOAD_PATH
> that includes '.' is.

Gerenally speaking, having . in any path is a bad idea.  You are correct
to feel uneasy about it.  Can . not be prepended to the path
specifically if desired (as in the shell PATH=.:$PATH)?  If it can, I
would suggest a bug filed for removal of . in path, with a README entry
detailing how to readd it if you want it.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: question on having . as LOAD_PATH (ruby)
  - From: Junichi Uekawa <dancer@netfort.gr.jp>

References:
- question on having . as LOAD_PATH (ruby)
  - From: Junichi Uekawa <dancer@netfort.gr.jp>

Prev by Date: question on having . as LOAD_PATH (ruby)
Next by Date: public key problem with mirrors.kernel.org
Previous by thread: question on having . as LOAD_PATH (ruby)
Next by thread: Re: question on having . as LOAD_PATH (ruby)
Index(es):
- Date
- Thread