bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

If there is '::' in $PATH, current directory(.) included.

From: jjack
Subject: If there is '::' in $PATH, current directory(.) included.
Date: Wed, 29 Nov 2000 14:08:25 +0900 (KST)
Configuration Information [Automatically generated, do not change]:
Machine: i386
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i386'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i386-redhat-linux-gnu'
-DCONF_VENDOR='redhat' -DSHELL -DHAVE_CONFIG_H -D_GNU_SOURCE
-D_FILE_OFFSET_BITS=64 -I. -I. -I./include -I./lib -I/usr/include -O2
-march=i386 -mcpu=i686
uname output: Linux maro 2.4.0-test11-ac4 #6 SMP Mon Nov 27 13:25:04 KST
2000 i686 unknown
Machine Type: i386-redhat-linux-gnu

Bash Version: 2.04
Patch Level: 11
Release Status: release

Description:
If there is '::' in $PATH, or ':' is at the begin of $PATH or at
the end of $PATH,
current directory (.) is added to PATH LIST.
We think it is better not including current directory, because it
is a security problem.

Repeat-By:
Fix:
diff -Nur bash-2.04.orig/findcmd.c bash-2.04.new/findcmd.c
--- bash-2.04.orig/findcmd.c Tue Nov 30 02:33:31 1999
+++ bash-2.04.new/findcmd.c Wed Nov 29 13:59:11 2000
@@ -245,13 +245,13 @@

if (path == 0)
return (path);
-
+/*
if (*path == '\0')
{
free (path);
path = savestring (".");
}
-
+*/
return (path);
}

@@ -533,6 +533,9 @@
path = get_next_path_element (path_list, &path_index);
if (path == 0)
break;
+
+ if (*path == '\0')
+ continue;

/* Side effects: sets dot_found_in_search, possibly sets
file_to_lose_on. */

reply via email to
[Prev in Thread] Current Thread [Next in Thread]