Is it safe to edit the global PATH environment variable?
I just recently found out that I couldn't run mysql without typing out the whole path or being in the correct directory--unless I added the path to the PATH environment variable.
I managed to do so and now I'm able to run mysql upon start-up of my command line. I'm lazy and didn't want to type out the whole path just to run mysql from cmd. Also, I didn't know of any other way to do it. I randomly came across the solution on a forum.
The only thing I'm wondering now is if this is OK/safe to do for all of my programs.
While it isn't practical, it's just a precaution.
I noticed that in some tutorials online, some people had a PATH variable for their user variable while I didn't. I only found the PATH environment variable in the system variables section. Is that a bad thing?
The only account on my PC is the administrator account. At least, that's the only account I use.
Can I get some clarity/input on this?
Solution 1:
There's usually nothing dangerous about adding directories to PATH
. It could only cause you problems in two ways:
- While using a command prompt, you might accidentally run a program you didn't intend to. Then again, if you know the programs you put on your
PATH
, nothing malicious will happen. - Programs might find DLLs there that usually aren't loaded. The DLL search order specifies that if a requested DLL can't be found in normal locations, it will finally be looked for in the
PATH
places. If, say, a program optionally loaded a module by trying to load a DLL by name and not caring if it fails, someone with control of aPATH
folder could cause that program to load an arbitrary DLL if one with its name isn't found earlier in the search. Incidentally, that possible security issue is why it's a bad idea to attempt to load DLLs that may or may not be present. Well-written programs won't have this problem.
You could also conceivably max out the PATH
variable length, but that's not really a security issue.
Concerning your not finding the user PATH
variable: if you create a per-user version of that variable, your effective PATH
will be the system one automatically combined with your per-user one.