bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Perhaps more than CDPATH is risky

From: geoff
Subject: Perhaps more than CDPATH is risky
Date: Fri, 15 Aug 2008 03:38:57 -0700 (PDT) 
Configuration Information [Automatically generated, do not change]:
Machine: i586
OS: linux-gnu
Compiler: gcc -I/usr/src/packages/BUILD/bash-3.2 
-L/usr/src/packages/BUILD/bash-3.2/../readline-5.2
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i586' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i586-suse-linux-gnu' 
-DCONF_VENDOR='suse' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL 
-DHAVE_CONFIG_H   -I.  -I. -I./include -I./lib   -O2 -march=i586 -mtune=i686 
-fmessage-length=0 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -g -D_GNU_SOURCE 
-DRECYCLES_PIDS -Wall -pipe -g -fPIE -fprofile-use
uname output: Linux bow 2.6.22.13-0.3-default #1 SMP 2007/11/19 15:02:58 UTC 
i686 i686 i386 GNU/Linux
Machine Type: i586-suse-linux-gnu

Bash Version: 3.2
Patch Level: 25
Release Status: release

Description:
        With respect to my previous report on CDPATH, Werner Fink of
        SuSE (now Novell) has some additional comments:

        Maybe there are some more variables which are normaly used in
        interactive mode but also available in script mode.  The question
        rises how many scripts are out there relying on such variables
        like CDPATH and others:

             #!/bin/bash 
             CDPATH=/tmp
             tmp=$(mktemp -d ${CDPATH}/${0##*/}.XXXXXX) || exit 1
             wrk=${tmp##*/}
             cd $wrk

Repeat-By:
        I think somebody needs to audit bash to ask the following questions:

        (1) If environment variable X is imported to a script, what
            are the bad effects?

        (2) What is the probability that a script writer will remember
            to reset X?  (Heck, how many scripts even reset IFS?  And
            that's been well known about sh for 20 years.)

        (3) If X is disabled in non-interactive mode, what are the bad
            results?

        (4) Is it sufficient to null out X on startup, and then let
            the script reset it if it chooses?

        Without doing the audit, I'd guess that the answer to #4 is
        nearly always (or, more likely, always) yes.

Fix:
        [Description of how to fix the problem.  If you don't know a
        fix for the problem, don't include this section.]
reply via email to
[Prev in Thread] Current Thread [Next in Thread]