[php-maint] Bug#758185: Bug#758185: Bug#758185: php5-common: installation fails with . in $PATH

Ondřej Surý ondrej at sury.org
Fri Aug 15 13:35:39 UTC 2014


On Fri, Aug 15, 2014, at 12:39, Zlatko Calusic wrote:
> That someone already has a root password, so it's easier for him to use 
> it than to drop malware and wait for me to step on it. ;)
> 
> The point being of course, dot in the PATH is dangerous ONLY if you are 
> on a multiuser machine where there are people with shell access who you 
> can't trust. I haven't seen such machine in decades, and of course I'll 
> remember to remove the all-dangerous dot from the PATH then. In the 
> meantime, my boxes are so much friendlier with the dot included. :)

Any website running PHP (and it looks like you do run PHP) can drop
a file to /tmp (or any other writeable directory).  But that's your
choice.

O.
-- 
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server



More information about the pkg-php-maint mailing list