Default PATH should not use '.'
Submitted by Glynn Foster
Description
It was noted -
path = g_getenv ("PATH");
if (path == NULL)
{
/* There is no `PATH' in the environment. The default
* search path in libc is the current directory followed by
* the path `confstr' returns for `_CS_PATH'.
*/
/* In GLib we put . last, for security, and don't use the
* unportable confstr(); UNIX98 does not actually specify
* what to search if PATH is unset. POSIX may, dunno.
*/
path = "/bin:/usr/bin:.";
}
There were concerns from the architectural review committee that the default path should not include '.' - which is a fairly controversial security subject.
Resolution: RESOLVED WONTFIX