[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Possible security bug - :: in PATH behaves as if it were "."
From: |
Chris F.A. Johnson |
Subject: |
Re: Possible security bug - :: in PATH behaves as if it were "." |
Date: |
Mon, 17 Oct 2005 12:12:49 -0400 (EDT) |
On Sun, 16 Oct 2005, Asten Rathbun wrote:
Unfortunately I have a slack distro that doesn't include bashbug and
was having issues getting it compiled right, so please accept this bug
report... this confounded me for awhlie
[snip]
---A description of the bug
I noticed that I was able to run executables that shouldn't have been
in my path while in the directory as root. This is akin to having the
"." directory in Root's path - a well-known no-no. However, the PATH
variable did *NOT* include ".". In setting the path, two :
separators were left next to each other. Removing the extra : removes
the effect.
An empty field in $PATH is and has always been interpreted as the
current directory.
An empty field, whether at the beginning (:*), the end (*:), or in
the middle (*::*) is a bug in the distro that put it there
(Slackware is not the only culprit; I think the problem may be in
an X initialization script).
I always run a function, checkpath, to remove such errors. It's
not bashified, as it was written to be POSIX compliant; I have
bashified the _unslash function that it requires:
checkpath() # verify that all entries in $PATH are directories; remove dupes
{
verbose=0
OPTIND=1
while getopts v var
do
case "$var" in
v) verbose=1 ;;
esac
done
_unslash "$PATH"
PATH=$_UNSLASH
## assign the elements in PATH to the positional parameters
oldIFS=$IFS
IFS=":"
set -- $PATH
IFS=$oldIFS
newPATH=
for p
do
case $p in
""|.) continue ;; ## do not allow current directory
esac
if [ -d "$p" ]
then
_unslash "$p"
p=$_UNSLASH
case :$newPATH: in
*:"$p":*) [ $verbose -ge 1 ] &&
echo "checkpath: removing $p (already in PATH)" >&2
;;
*) newPATH=${newPATH:+$newPATH:}$p ;;
esac
else
[ $verbose -ge 1 ] &&
echo "checkpath: $p is not a directory; removing it from PATH" >&2
fi
done
PATH=$newPATH
return
}
_unslash()
{
_UNSLASH=$1
while :
do
case $_UNSLASH in
## remove trailing slashes
*/) _UNSLASH=${_UNSLASH%/} ;;
## change // to /
*//*) _UNSLASH=${_UNSLASH//\/\///} ;;
*) break ;;
esac
done
}
--
Chris F.A. Johnson <http://cfaj.freeshell.org>
==================================================================
Shell Scripting Recipes: A Problem-Solution Approach, 2005, Apress
<http://www.torfree.net/~chris/books/cfaj/ssr.html>