Comment by oneeyedpigeon
18 days ago
How often do you find yourself running executables from the current directory? Is this a daily thing?
18 days ago
How often do you find yourself running executables from the current directory? Is this a daily thing?
Gamedev! I could run some crazy cmake command to build and run, or I could just bin/build.
For my workflow, yes
I don’t think it’s a severe security vulnerability. The same thing can happen with $home/bin.
I think it's substantially riskier. At the very least, it means you are trusting any directory you cd into, rather than just trusting your $home/bin.
Stuff that would not typically raise eyebrows has been made risky. You might cd into less privileged user's $home, or some web service's data directory, and suddenly you've given whoever had access to those users, access to your user.
Maybe you could argue "well, I just won't cd outside of my $home", but the sheer unexpectedness of the behavior seems deeply undesirable to me.