[php-maint] Bug#758185: Bug#758185: php5-common: installation fails with . in $PATH

Zlatko Calusic zcalusic at bitsync.net
Fri Aug 15 10:39:12 UTC 2014

On 15.08.2014 10:57, Ondřej Surý wrote:
> Hi Zlatko,
> I will fix that in git, but having "." in $PATH (especially for root
> user)
> is a very bad bad practice and really should be avoided due security
> reasons.

No, it's not. It's a bad practice ONLY if some requirements are met, 
which has not been the case here, for a long time.

> Imagine someone dropping a malware binary in /tmp ...

That someone already has a root password, so it's easier for him to use 
it than to drop malware and wait for me to step on it. ;)

The point being of course, dot in the PATH is dangerous ONLY if you are 
on a multiuser machine where there are people with shell access who you 
can't trust. I haven't seen such machine in decades, and of course I'll 
remember to remove the all-dangerous dot from the PATH then. In the 
meantime, my boxes are so much friendlier with the dot included. :)

Thanks for quick response!


More information about the pkg-php-maint mailing list