[MPlayer-users] Using -dumpstream on OS X
Ivo
ivop at euronet.nl
Fri Dec 7 12:28:19 CET 2007
On Friday 07 December 2007 11:37, MB wrote:
> Guillaume POIRIER said:
> >That's plain normal. "./" isn't in $PATH in all standard Unix systems.
> >You need to add the path were MPlayer OSX is if you want to make do
> >without "./"
>
> OK, I'll add it there. Even though I'm a bit used to using "./" now,
> it's always is a bit bewildering to see commands without it in manuals,
> especially as I've seen very few -actually I can't remember one-
> comments that OS X and Darwin unlike many other Unix flavors don't have
> it in the path from default.
Perhaps I'm misunderstanding this thread, but "." should _never_ be in your
PATH! That's a huge security risk. Imagine the following:
$ tar xvjf somepkg.tar.bz2
$ cd somepkg
$ ls
If the creator of somepkg.tar.bz2 had bad intentions, it could simply place
a binary or shell script named ls inside that, besides calling /bin/ls,
forks and starts sending your complete homedir over the internet. Or test
whether it's root and send /etc/shadow. Or run rm -rf /. Or install a
rootkit, et cetera...
So, you should only add full paths to your PATH variable you know contains
binaries you trust.
--Ivo
More information about the MPlayer-users
mailing list