[php-maint] Bug#758185: Bug#758185: Bug#758185: php5-common: installation fails with . in $PATH
Ondřej Surý
ondrej at sury.org
Fri Aug 15 13:35:39 UTC 2014
On Fri, Aug 15, 2014, at 12:39, Zlatko Calusic wrote:
> That someone already has a root password, so it's easier for him to use
> it than to drop malware and wait for me to step on it. ;)
>
> The point being of course, dot in the PATH is dangerous ONLY if you are
> on a multiuser machine where there are people with shell access who you
> can't trust. I haven't seen such machine in decades, and of course I'll
> remember to remove the all-dangerous dot from the PATH then. In the
> meantime, my boxes are so much friendlier with the dot included. :)
Any website running PHP (and it looks like you do run PHP) can drop
a file to /tmp (or any other writeable directory). But that's your
choice.
O.
--
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
More information about the pkg-php-maint
mailing list