Browse Source

Remove './' from PATH.

Some windowmanagers inherent this PATH and that introduces some security
risk because './' can allow local attackers to trick a user into
accidentally executing code.

Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>

git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/slim/trunk@171 7c53e7cc-98ea-0310-8f1f-a0b24da60408
iwamatsu 11 years ago
parent
commit
cd7784b8c9
2 changed files with 2 additions and 2 deletions
  1. 1 1
      cfg.cpp
  2. 1 1
      slim.conf

+ 1 - 1
cfg.cpp

@@ -28,7 +28,7 @@ Cfg::Cfg()
     : currentSession(-1)
 {
     // Configuration options
-    options.insert(option("default_path","./:/bin:/usr/bin:/usr/local/bin"));
+    options.insert(option("default_path","/bin:/usr/bin:/usr/local/bin"));
     options.insert(option("default_xserver","/usr/bin/X"));
     options.insert(option("xserver_arguments",""));
     options.insert(option("numlock",""));

+ 1 - 1
slim.conf

@@ -1,6 +1,6 @@
 # Path, X server and arguments (if needed)
 # Note: -xauth $authfile is automatically appended
-default_path        ./:/bin:/usr/bin:/usr/local/bin
+default_path        /bin:/usr/bin:/usr/local/bin
 default_xserver     /usr/bin/X
 #xserver_arguments   -dpi 75