[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Possible security bug - :: in PATH behaves as if it were "."
|
From: |
Chet Ramey |
|
Subject: |
Re: Possible security bug - :: in PATH behaves as if it were "." |
|
Date: |
Mon, 17 Oct 2005 11:34:43 -0400 |
|
User-agent: |
Mozilla Thunderbird 1.0.6 (Macintosh/20050716) |
Asten Rathbun wrote:
> Hi,
>
> Just kept looking for info on this, and found an old post on
> gnu.bash.bug regarding this, where you (Chet) replied saying that this
> is how $PATH should work. Do you have anything mentioning why that
> is the case? It seems like a big security risk, seeing as scripts can
> insert things into the path and this kind of situation can arise
> pretty easily without the operator knowing it.
This is how sh has always behaved, and how people expect it to work.
POSIX standardizes the historical behavior, but stresses that it is a
legacy feature and that `strictly conforming' applications should use
an explicit `.'.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
( ``Discere est Dolere'' -- chet )
Live Strong.
Chet Ramey, ITS, CWRU chet@case.edu http://tiswww.tis.case.edu/~chet/