[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cannot declare local variables if they're readonly

From: Greg Wooledge
Subject: Re: cannot declare local variables if they're readonly
Date: Thu, 23 Jul 2015 08:13:21 -0400
User-agent: Mutt/

On Thu, Jul 23, 2015 at 01:12:01AM +0200, isabella parakiss wrote:
> From variables.c
>                                        The test against old_var's context
>      level is to disallow local copies of readonly global variables (since I
>      believe that this could be a security hole).
> Can you please explain how that can be a security hole?

People who use "readonly" are generally doing so in the context of a
"restricted shell" (yes, commence laughter) or other situation where
that specific variable is the key to unlocking something that the
administrator does not want the user to unlock.  The entity who used
"readonly" is presumed to want that variable to remain unchanged, forever.

A typical example is PATH.

I am not advocating this security model.  I'm just explaining the

reply via email to

[Prev in Thread] Current Thread [Next in Thread]