Thursday, December 18, 2025

Re: Bug with shell command !{cmd} using cmd.exe

On Thu, 18 Dec 2025, Chainsaw wrote:

> The PATH variable does not matter for an executable if you are in the
> directory of the executable, or using the absolute path. When a command is
> issued at the CMD prompt, the Operating System will first look for an
> executable file in the current folder, if not found it will scan %PATH% to

Which is a huge security issue by itself. There is a reason why almost
no other shell behaves like this and even PowerShell did not inherit
this behavior. In fact MS introduced the
$NoDefaultCurrentDirectoryInExePath environment variable to enable
customers to disable this behaviour.

And Vim does set this environment variable since patch 9.1.1947 (see
https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834 for
the reasoning).

I'd recommend not to rely on that behavior (e.g. what happens if you
have a malicious dir.cmd in your current directory?).

In any case, I suppose you could disable this behavior by unsetting
$NoDefaultCurrentDirectoryInExePath from your environment, like:
set NoDefaultCurrentDirectoryInExePath=

> (I do consider this a bug because I should not have to include current
> directory in path).

Well, I don't :)

Thanks,
Chris
--
And in the heartbreak years that lie ahead,
Be true to yourself and the Grateful Dead.
-- Joan Baez
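
The lookup order discussed in this message, as an added example that is not part of the original mail or of Vim's code: a simplified Python model of how a bare command name is resolved with and without NoDefaultCurrentDirectoryInExePath, plus a check for files in the working directory that shadow a command on the PATH. The PATHEXT subset, directory layout and file names are constructed, and cmd.exe built-ins are not modelled.

```python
import os
import tempfile

PATHEXT = [".com", ".exe", ".bat", ".cmd"]  # assumed subset of a default %PATHEXT%
HARDENED = {"NoDefaultCurrentDirectoryInExePath": "1"}

def find_in_dir(directory, name):
    """First file in `directory` named name+ext, tried in PATHEXT order."""
    try:
        entries = {e.lower(): e for e in os.listdir(directory)}
    except OSError:
        return None
    for ext in PATHEXT:
        hit = entries.get((name + ext).lower())
        if hit:
            return os.path.join(directory, hit)
    return None

def resolve(name, cwd, path_dirs, env):
    """Model the search for a bare command name (no path separator)."""
    search = list(path_dirs)
    # The variable only has to exist; then the implicit current directory is dropped.
    if "NoDefaultCurrentDirectoryInExePath" not in env:
        search.insert(0, cwd)
    for directory in search:
        hit = find_in_dir(directory, name)
        if hit:
            return hit
    return None

def shadowing_files(cwd, path_dirs):
    """Files in cwd that would run instead of a same-named command on PATH."""
    found = []
    for entry in sorted(os.listdir(cwd)):
        stem, ext = os.path.splitext(entry)
        if ext.lower() in PATHEXT and resolve(stem, cwd, path_dirs, HARDENED):
            found.append(entry)
    return found

def demo():
    """Constructed layout: bin/tool.exe on PATH, project/tool.cmd in cwd."""
    root = tempfile.mkdtemp()
    cwd, bindir = os.path.join(root, "project"), os.path.join(root, "bin")
    for path in (cwd, bindir):
        os.mkdir(path)
    for path in (os.path.join(bindir, "tool.exe"),
                 os.path.join(cwd, "tool.cmd"), os.path.join(cwd, "notes.txt")):
        open(path, "w").close()
    legacy = resolve("tool", cwd, [bindir], {})
    return legacy, resolve("tool", cwd, [bindir], HARDENED), shadowing_files(cwd, [bindir])
```

Running `shadowing_files` over a checkout or download directory before invoking shell commands from it shows which files would be picked up under the legacy lookup.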
