CDPATH reports to stdout and even non-interactively

From: geoff
Date: Fri, 15 Aug 2008 02:26:24 -0700 (PDT)

Configuration Information [Automatically generated, do not change]:
Machine: i586
OS: linux-gnu
Compiler: gcc -I/usr/src/packages/BUILD/bash-3.2 
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i586' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i586-suse-linux-gnu' 
-DCONF_VENDOR='suse' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL 
-DHAVE_CONFIG_H   -I.  -I. -I./include -I./lib   -O2 -march=i586 -mtune=i686 
-fmessage-length=0 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -g -D_GNU_SOURCE 
-DRECYCLES_PIDS -Wall -pipe -g -fPIE -fprofile-use
uname output: Linux bow #1 SMP 2007/11/19 15:02:58 UTC 
i686 i686 i386 GNU/Linux
Machine Type: i586-suse-linux-gnu

Bash Version: 3.2
Patch Level: 25
Release Status: release

        If CDPATH is set, whenever bash changes directories to a
        non-absolute path it reports the new directory to stdout.
        This is done even if bash is running in non-interactive mode,
        such as in a script.  That breaks scripts that do things like

        (cd /foo/bar; do-something; cd foo; echo Important information) > bar

        or, more commonly, ones that do this:

        cd /foo/bar; do-something; cd foo; echo Important information

        when their output is redirected.

        export CDPATH=.:..
        cd /
        (cd etc) > /tmp/bashcdpath
        cat /tmp/bashcdpath
        # /etc is shown
        cat > /tmp/bashcdpathbug << EOF
        cd /etc
        echo This should be the only output
        cd tmp
        EOF
        chmod +x /tmp/bashcdpathbug
        /tmp/bashcdpathbug > /tmp/bashcdpath2
        wc -l /tmp/bashcdpath2
        # File contains two lines when it should have only one
        rm -f /tmp/bashcdpath*

        Bash should only report CDPATH status in interactive mode.
        Furthermore, CDPATH status (like all such human-interest
        information) should be reported to stderr, not stdout.

        I would also argue that CDPATH should only be respected in
        interactive mode.  Otherwise, there's a potential security
        hole with respect to scripts that use relative directory
        changes (and potential bugs in other scripts, which is how
        this problem was discovered).
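
Added example, not part of the original report: a POSIX sh sketch of the two effects described above, run in constructed directories under a `mktemp -d` sandbox (the names `work`, `other`, `data` and all function names are assumptions). It goes one step beyond the report's `CDPATH=.:..` case by putting an absolute directory in CDPATH, which shows a relative `cd` in a non-interactive script landing somewhere other than intended, next to a hardened form of the same script.

```shell
#!/bin/sh
# Added example: every path below is constructed under a throwaway mktemp dir.

# Layout: work/data is where the script means to go; other/data is a
# same-named directory that is only reachable through CDPATH.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/work/data" "$sb/other/data"
    printf '%s\n' "$sb"
}

# A script body that does a relative cd, then emits its one line of output.
naive_body='cd data; echo "report written from $(basename "${PWD%/*}")"'

# Same body, hardened: drop the inherited CDPATH and use an explicit ./ prefix
# (either measure alone is enough to bypass the CDPATH search).
hardened_body='unset CDPATH; cd ./data || exit 1
echo "report written from $(basename "${PWD%/*}")"'

# run_case SANDBOX BODY: run BODY non-interactively from SANDBOX/work with
# CDPATH inherited through the environment, and pass its stdout through.
run_case() {
    ( cd "$1/work" && CDPATH="$1/other" sh -c "$2" )
}

# Number of lines the script put on stdout (1 is what its author intended).
stdout_lines() { run_case "$1" "$2" | wc -l | tr -d ' '; }

# The script's own output line, naming the parent of the directory it ended in.
landed_in() { run_case "$1" "$2" | tail -n 1; }

demo() {
    sb=$(make_sandbox) || return 1
    for body in "$naive_body" "$hardened_body"; do
        printf '%s line(s) on stdout; %s\n' \
            "$(stdout_lines "$sb" "$body")" "$(landed_in "$sb" "$body")"
    done
    rm -rf "$sb"
}
demo
```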

