bug-bash

Possible security bug - :: in PATH behaves as if it were "."


From: Asten Rathbun
Subject: Possible security bug - :: in PATH behaves as if it were "."
Date: Sun, 16 Oct 2005 23:22:10 -0500

Hi,

Unfortunately I have a slack distro that doesn't include bashbug and
was having issues getting it compiled right, so please accept this bug
report... this confounded me for awhile


----The version number and release status of Bash

root@www:/usr/local/www/bin# bash --version
GNU bash, version 3.00.15(2)-release (i486-slackware-linux-gnu)
Copyright (C) 2004 Free Software Foundation, Inc.


----The machine and OS that it is running on:
Slackware, i686-pc-linux-gnu)

A list of the compilation flags or the contents of `config.h', if appropriate
N/A

---A description of the bug
I noticed that I was able to run executables that shouldn't have been
in my path while in the directory as root.  This is akin to having the
"." directory in Root's path - a well-known no-no.  However, the PATH
variable did *NOT* include ".".   In setting the path, two :
separators were left next to each other.  Removing the extra : removes
the effect.

---A recipe for recreating the bug reliably

(Notice extraneous : after /sbin)

root@www:/usr/local/www/bin# echo $PATH
/usr/local/sbin:/usr/sbin:/sbin::/usr/local/mysql/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/lib/java/bin:/usr/lib/java/jre/bin
root@www:/usr/local/www/bin# apachectl
Usage: /usr/local/www/bin/httpd [-D name] [-d directory] [-f file]
                                [-C "directive"] [-c "directive"]
                                [-k start|restart|graceful|stop]
                                [-v] [-V] [-h] [-l] [-L] [-t] [-S]
<snip>
root@www:/usr/local/www/bin# PATH=/usr/local/sbin:/usr/sbin/sbin:/usr/local/mysql/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/lib/java/bin:/usr/lib/java/jre/bin
root@www:/usr/local/www/bin# apachectrl
-bash: apachectrl: command not found


----A fix for the bug if you have one!
Sorry, no fix.
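
A check for the condition this report describes, as an added example that is not part of the original message: a POSIX shell function (`audit_path`, a hypothetical name) that flags empty PATH elements, which the shell searches as the current directory, along with `.` and other relative entries. The sample value is the PATH quoted in the report.

```shell
#!/bin/sh
# Added example, not from the original report.
# audit_path (hypothetical helper) walks a PATH-style string and reports
# every element that resolves against the current working directory:
# empty elements (leading, trailing or doubled colon), "." and any other
# non-absolute entry. Returns 0 if the value is clean, 1 otherwise.
audit_path() {
    ap_rest="$1:"        # sentinel colon keeps a trailing empty element
    ap_index=0
    ap_findings=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}   # text before the first colon
        ap_rest=${ap_rest#*:}     # drop that element and its colon
        ap_index=$((ap_index + 1))
        case $ap_entry in
            '')
                echo "element $ap_index: empty (searched as current directory)"
                ap_findings=$((ap_findings + 1)) ;;
            /*)
                ;;                # absolute directory: fine
            *)
                echo "element $ap_index: relative entry '$ap_entry'"
                ap_findings=$((ap_findings + 1)) ;;
        esac
    done
    [ "$ap_findings" -eq 0 ]
}

# PATH value quoted in the report above (note the "::" after /sbin).
REPORTED_PATH='/usr/local/sbin:/usr/sbin:/sbin::/usr/local/mysql/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/lib/java/bin:/usr/lib/java/jre/bin'

audit_path "$REPORTED_PATH" || echo "PATH contains entries that depend on the current directory"
```

Calling `audit_path "$PATH"` checks the live environment; the non-zero return status makes it usable as a gate in a login script or configuration audit.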



