Personally I prefer /. as it's more interesting to read :)))) could we close this topic plz ? we won't go anywhere anyway, since everyone has a position on this. Let's stick the R5 way, then we will decide for GE. François. En réponse à "Scott A. MacMaster" <zqxh@xxxxxxx>: > On Tue, 14 May 2002 23:08:51 +0200 > Linus Almstrom <linalm-7@xxxxxxxxxx> wrote: > >On 2002-05-14 at 22:49:02 [+0200], openbeos@xxxxxxxxxxxxx wrote: > >> To me this is just a 'safety net' for folders accessable by multible > > >> users (or even just one user). If a user is stupid enough to name a > > >> script the same as a common program the users is definitely asking > for > >> problems (problems unrelated to security). > > > >Stupid? > >I do not think you understand. If you execute an application > somewhere > >(in another users home tree) the application get your rights, which > means > >that the one that created and put the application there deliberately > can > >get any kind of information from you or erase all your own files. > > In multiuser systems I'd definitely be careful about what programs I > run. Hows > this relate to ./? > > > > >There are also stuff like suid, but that is a completely different > >business, sort of anyway. > > > >> Espacially so if the user > >> doesn't inform the other users of the group about this script. I > said > >> that the 'problem' aren't security related. I mean that to mean that > it > >> won't help hackers break through security. The script could loosen > > >> security for folders that belong to the group. As I said earlier a > user > >> would be stupid to do that and deserves to have his hand slapped. > > > >What are you talking about? That does not seem to have anything to do > with > >what the discussion is about. > > I'm trying to understand what the security issue with ./ is. Based on > what > I've been told I'm explaining what I see. If my explaination is wrong > could > you correct me. Thanks. > > >> I say keep the ./ in there by default. I'm always for giving a user > all > >> the options. If the user wants to try to do something risky let them > as > >> it could only affect themselves. > > > >I say the other way around... Leave out the "./" and let the > powerusers > >add it if they feel they understand what they are doing. > > Maybe I'll think that once I understand this security issue. > > > Scott MacMaster <zqxh@xxxxxxx> > ----------------------------- > Indiana University of Pennsylvania - student > www.CodeLiege.com > >