[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The load path

From: Rob Browning
Subject: Re: The load path
Date: Sun, 17 Oct 2004 14:40:29 -0500
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)

Andy Wingo <address@hidden> writes:

> First off, the load path for a guile in /usr/bin/guile doesn't
> include /usr/local. I was discussing this with Rob today on IRC, and
> we agreed that /usr/local should be added onto the load path for a
> guile in /usr, so that local packages can be used without hacking

I agree that it's probably a good idea, though I was a little
concerned about putting things in /usr/local in root's default path.

However, my concern may have been based on an incorrect assumption.  I
had thought that on many systems root's PATH did not include
directories in /usr/local/bin by default because on those systems
/usr/local was group staff, and membership in staff was not supposed
to be equivalent to root (security-wise).  If this is not a common
presumption, then my concern is irrelevant.

> Secondly, guile's load path includes ".". This is unexpected. The set of
> includes should not depend on the working directory of the user. Also,
> as in the case of $PATH and $LD_LIBRARY_PATH, this exposes a security
> risk. The only time I can imagine this as being useful is within a
> source tree, when you control the environment anyway.

Yes.  It's risky for all the same reasons that having . in your PATH
is.  The risk is a little less than it otherwise might be, since . is
at the end, but it's still a risk.

Rob Browning
rlb and; previously
GPG starting 2002-11-03 = 14DD 432F AE39 534D B592  F9A0 25C8 D377 8C7E 73A4

reply via email to

[Prev in Thread] Current Thread [Next in Thread]