svn rev #19534: trunk/src/windows/build/

Durbin_Ron@emc.com Durbin_Ron at emc.com
Fri Apr 27 09:27:37 EDT 2007


Even though this is not a setuid program, you are less likely to hit some abhorrent behavior if you do not inherit the user's path. By either setting the path in the build tool or looking in explicit places, you reduce the abhorrent behavior issue.

I have seen cases where somebody will put a wrapper or special version of a program in a directory or folder having the same name as a standard tool, in order to modify the behavior of the tool for their purposes. If the build tool happens to execute this non-standard behavior tool, it could modify the outcome of the build.

Ron 

-----Original Message-----
From: Danilo Almeida [mailto:dalmeida at MIT.EDU] 
Sent: Thursday, April 26, 2007 6:10 PM
To: Durbin, Ron; krbdev at MIT.EDU
Subject: RE: svn rev #19534: trunk/src/windows/build/ 

<quote>
Using path can be unreliable and a security hole.
So silly people have "." in their path and that is a bad idea.
Having a tool depend on path means you have to trust the user's environment.
</quote>

This is a build tool, not some setuid program...

- Danilo
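
The approach discussed in this thread (look for tools in explicit places rather than trusting the inherited PATH, and notice when a same-named wrapper would have been run instead), as an added example that is not part of the original messages or of the krb5 build script. The function names, the tool name `mytool` and the directory layout are hypothetical and constructed for the demonstration.

```python
import os
import tempfile

# On Windows a tool name is tried with each PATHEXT suffix; elsewhere as given.
EXTS = os.environ.get("PATHEXT", ".EXE").split(os.pathsep) if os.name == "nt" else [""]

def find_in(name, dirs):
    """Return the first executable called `name` in `dirs`, or None. Never reads PATH."""
    for d in dirs:
        for ext in EXTS:
            candidate = os.path.join(d, name + ext)
            if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
                return os.path.abspath(candidate)
    return None

def risky_path_entries(path_value):
    """PATH entries that resolve against the current directory: '', '.', or relative."""
    return [e for e in path_value.split(os.pathsep) if not os.path.isabs(e)]

def resolve_tool(name, trusted_dirs, inherited_path):
    """Pick `name` from trusted_dirs; also report what the inherited PATH would have run."""
    trusted = find_in(name, trusted_dirs)
    if trusted is None:
        raise FileNotFoundError(f"{name} not found in trusted directories")
    via_path = find_in(name, inherited_path.split(os.pathsep))
    shadow = via_path if via_path and not os.path.samefile(via_path, trusted) else None
    return trusted, shadow

def demo():
    """Constructed layout: a user's wrapper directory ahead of the real tool on PATH."""
    root = tempfile.mkdtemp()
    wrapper_dir, tool_dir = os.path.join(root, "home_bin"), os.path.join(root, "tools")
    for d in (wrapper_dir, tool_dir):
        os.makedirs(d)
        path = os.path.join(d, "mytool" + EXTS[0])
        with open(path, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(path, 0o755)
    inherited = os.pathsep.join([".", wrapper_dir, tool_dir])
    trusted, shadow = resolve_tool("mytool", [tool_dir], inherited)
    return trusted, shadow, risky_path_entries(inherited), tool_dir, wrapper_dir

if __name__ == "__main__":
    trusted, shadow, risky, _, _ = demo()
    print("build uses:", trusted)
    print("PATH would have run:", shadow)
    print("cwd-relative PATH entries:", risky)
```

A build script can log the `shadow` value as a warning, so a wrapper that would have changed the outcome of the build is visible in the build log.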





