From: Olaf Lenz (
Date: Wed Feb 19 2014 - 06:01:26 CST

Hi everybody!

I have just noticed that VMD will automatically read and play the file
".vmdrc" in the current directory.
I believe that this is a significant security hole. If a user puts a
malicious Tcl script ".vmdrc" into a directory where someone else executes
vmd, the script is executed. Ultimately, this is the same reason, why "."
is not in the PATH.

I would strongly recommend to remove this behavior, or at least make it
configurable via an environment variable or so.


Dr. rer. nat. Olaf Lenz
Institut für Computerphysik, Allmandring 3, D-70569 Stuttgart
Phone: +49-711-685-63607