Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X

To: Steve Kemp <skx@debian.org>
Cc: Philippe Faes <Philippe.Faes@UGent.be>, 210243@bugs.debian.org, debian-mentors@lists.debian.org
Subject: Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X
From: Matt Zimmerman <mdz@debian.org>
Date: Mon, 15 Sep 2003 12:02:15 -0400
Message-id: <[🔎] 20030915160215.GD6051@alcor.net>
Mail-followup-to: Steve Kemp <skx@debian.org>, Philippe Faes <Philippe.Faes@UGent.be>, 210243@bugs.debian.org, debian-mentors@lists.debian.org
Reply-to: Matt Zimmerman <mdz@debian.org>, 210243@bugs.debian.org
In-reply-to: <[🔎] 20030915152139.GA30433@steve.org.uk>
References: <[🔎] E19wywA-0000Pg-00@mira.faes.net> <[🔎] 1063634908.1711.23.camel@mira.faes.net> <[🔎] 20030915142130.GA29841@steve.org.uk> <[🔎] 20030915144548.GB6051@alcor.net> <[🔎] 20030915144742.GA30024@steve.org.uk> <[🔎] 20030915150035.GC6051@alcor.net> <[🔎] 20030915152139.GA30433@steve.org.uk>

On Mon, Sep 15, 2003 at 04:21:39PM +0100, Steve Kemp wrote:

> On Mon, Sep 15, 2003 at 11:00:35AM -0400, Matt Zimmerman wrote:
> 
> > $PATH is almost always trusted; the exception is setuid programs which
> > should sanitize PATH.  xspringies is not setuid, is it?
> 
>   It is not setuid/setgid no, but I still think it's best to not trust
>  the PATH - sure it's not critical, but it's a good think "just in
>  case".

I think I have to disagree here; hardcoding paths does not, in general,
improve security.  In any case where path is untrusted, the correct solution
is to set a sane PATH
(/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin) and continue
to execute commands as normal.  This way you are not dependent on programs
being installed in a particular location, and if it is necessary for the
administrator to change the path, they can do this in one palce.

-- 
 - mdz

Reply to:

References:
- Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X
  - From: Philippe Faes <Philippe.Faes@UGent.be>
- Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X
  - From: Philippe Faes <Philippe.Faes@UGent.be>
- Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X
  - From: Steve Kemp <skx@debian.org>
- Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X
  - From: Matt Zimmerman <mdz@debian.org>
- Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X
  - From: Steve Kemp <skx@debian.org>
- Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X
  - From: Matt Zimmerman <mdz@debian.org>
- Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X
  - From: Steve Kemp <skx@debian.org>

Prev by Date: Bug#207849: Ked Password Manager
Next by Date: Bug#211070: ITP: libjazzy-java -- spell checker java library
Previous by thread: Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X
Next by thread: Bug#210243: ITP: xspringies -- Interactive 2D mass/spring simulation system for X
Index(es):
- Date
- Thread