从工作目录运行UNIX程序? [英] run UNIX programs from the working directory?
问题描述
为了从当前目录运行UNIX程序,我将其包含在我的〜/.profile
中(我使用的是Mac OS 10.9):
In order to run UNIX programs from my current directory, I included this in my ~/.profile
(I'm using Mac OS 10.9):
export PATH="./:$PATH"
这种方法有什么问题吗?似乎很明显,那么为什么默认不包含它呢?而且,还有更好的方法吗?
Anything wrong with this approach? It seems obvious, so why isn't it included by default? And, is there any better way to do it?
推荐答案
不要这样做.
向 $ PATH
添加.
存在安全隐患,这就是默认情况下与之不同的原因.将 $ PATH
中列出的路径视为受信任位置".您可以在其中运行程序和脚本而无需键入它们的绝对路径.
Adding .
to $PATH
is a security risk, that's why it's not like that by default. Consider the paths listed in $PATH
as "trusted locations". You can run the programs and scripts in them without typing their absolute paths.
如果将.
添加到 $ PATH
,则可能会无意中运行某些程序.例如,我经常运行 netstat
命令来检查统计信息.我已经习惯了,我只键入"nets",然后按tab,我知道它将自动完成为"netstat",所以我很快按Enter.如果我在 $ PATH
上有.
,并且当前目录中有一个名为"netst"的恶意脚本,那么当我打算运行<像往常一样,按 netstat
,然后按Enter太快以至于该选项卡自动完成为 netst
而不是 netstat
.
If you add .
to $PATH
, then you may run things by accident. For example I often run the netstat
command to check statistics. I'm so used to it, I type only until "nets" and press tab, and I know it will be auto-completed to "netstat" so I very quickly press enter. If I had .
on my $PATH
, and there was a malicious script named "netst" in the current directory, then I might accidentally run it when I mean to run netstat
as usual, pressing enter too fast to realize that tab auto-completed to netst
instead of netstat
.
这只是一个例子,我很容易想到更多.在 $ PATH
上具有.
是安全隐患,这就是为什么默认情况下它在任何系统中都不存在的原因.将.
附加到末尾比在其前面附加更好,但实际上最好不要这样做.在程序前面键入 ./
不会太麻烦,并且您可以放心地确切知道自己在运行什么.
This is just one example, I could easily think of more. Having .
on $PATH
is a security risk, that's why it's never there by default in any system. Appending .
to the end is better than prepending it, but it's really best to not do it at all. Typing the ./
in front of programs should not be too much of a hassle, and you have the peace of mind of knowing exactly what you're running.
我认为重复问题中的结论太软了:
I think the conclusions in the duplicate questions are too soft:
- > https://superuser.com/questions/156582/why默认不是在路径中
- https://unix.stackexchange.com/questions/65700/is-it-safe-to-add-to-my-path-how-come
没有人应该这样做.与危险相比,它提供的便利少得可笑.
Nobody should ever do this. The convenience this gives is ridiculously small compared to the dangers.
这篇关于从工作目录运行UNIX程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!