从工作目录运行UNIX程序? [英] run UNIX programs from the working directory?

问题描述

为了从当前目录运行UNIX程序，我将其包含在我的〜/.profile 中(我使用的是Mac OS 10.9):

In order to run UNIX programs from my current directory, I included this in my ~/.profile (I'm using Mac OS 10.9):

export PATH="./:$PATH"

这种方法有什么问题吗?似乎很明显，那么为什么默认不包含它呢?而且，还有更好的方法吗?

Anything wrong with this approach? It seems obvious, so why isn't it included by default? And, is there any better way to do it?

推荐答案

不要这样做.

向 $ PATH 添加.存在安全隐患，这就是默认情况下与之不同的原因.将 $ PATH 中列出的路径视为受信任位置".您可以在其中运行程序和脚本而无需键入它们的绝对路径.

Adding . to $PATH is a security risk, that's why it's not like that by default. Consider the paths listed in $PATH as "trusted locations". You can run the programs and scripts in them without typing their absolute paths.

如果将.添加到 $ PATH ，则可能会无意中运行某些程序.例如，我经常运行 netstat 命令来检查统计信息.我已经习惯了，我只键入"nets"，然后按tab，我知道它将自动完成为"netstat"，所以我很快按Enter.如果我在 $ PATH 上有.，并且当前目录中有一个名为"netst"的恶意脚本，那么当我打算运行<像往常一样，按 netstat ，然后按Enter太快以至于该选项卡自动完成为 netst 而不是 netstat .

If you add . to $PATH, then you may run things by accident. For example I often run the netstat command to check statistics. I'm so used to it, I type only until "nets" and press tab, and I know it will be auto-completed to "netstat" so I very quickly press enter. If I had . on my $PATH, and there was a malicious script named "netst" in the current directory, then I might accidentally run it when I mean to run netstat as usual, pressing enter too fast to realize that tab auto-completed to netst instead of netstat.

这只是一个例子，我很容易想到更多.在 $ PATH 上具有.是安全隐患，这就是为什么默认情况下它在任何系统中都不存在的原因.将.附加到末尾比在其前面附加更好，但实际上最好不要这样做.在程序前面键入 ./不会太麻烦，并且您可以放心地确切知道自己在运行什么.

This is just one example, I could easily think of more. Having . on $PATH is a security risk, that's why it's never there by default in any system. Appending . to the end is better than prepending it, but it's really best to not do it at all. Typing the ./ in front of programs should not be too much of a hassle, and you have the peace of mind of knowing exactly what you're running.

我认为重复问题中的结论太软了:

I think the conclusions in the duplicate questions are too soft:

• > https://superuser.com/questions/156582/why默认不是在路径中
• https://unix.stackexchange.com/questions/65700/is-it-safe-to-add-to-my-path-how-come

没有人应该这样做.与危险相比，它提供的便利少得可笑.

Nobody should ever do this. The convenience this gives is ridiculously small compared to the dangers.

这篇关于从工作目录运行UNIX程序?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！