On Sun, 30 Mar 1997, Bill Studenmund wrote:

> > Nope, if your path doesn't have '.' in it.
> 
> Exactly. And there's a security reason for not putting '.' in your path.
> It provides a mechanism for certain security violations. If '.' is in
> your path, especially in the from of your path, then you can unknowingly
> run trojan horses when you want system utilities. Like if you download
> a package which includes an "ls" command, and then type ls to see what
> is in the directory, you've just run the trojan horse.

Good reason to put it at the end of the path, so that if there's a
legitimate program with that name, it will get run instead, unless you
explicitly use ./ls on the command line.  :-)

> That said, one of the first things I do is add '.' to my path when I do a
> new install. :-)

That makes two of us.

Later,

 /---------------------------------------------------------------------\
|David A. Gatwood             And Richard Cory, one calm summer night,  |
|davagatw@mars.utm.edu      Went home and put a bullet through his head.|
|dgatwood@globegate.utm.edu          --Edwin Arlington Robinson         |
|-----------------------------------------------------------------------|
|http://globegate.utm.edu                  http://www.utm.edu/~davagatw |
|http://mars.utm.edu/~davagatw             http://www.nyx.net/~dgatwood |
 \---------------------------------------------------------------------/