[TYPO3-core] RFC #12547: Bug: Default paths for Windows are not properly defined

[Martin Kutschker]

Steffen Ritter schrieb:
> Martin Kutschker schrieb:
>> We could use the "Path" environment variable, but I think that this
>> might be used for an attack.
> 
> how?

By sneaking a modified ENV into the system and by supplying an evil binary on the system.

I have read that trusting ENV is evil when it comes to security.

Masi