Re: Bash is incorrectly and inconsistently expanding tilde in $PATH
From: Eduardo Bustamante
Subject: Re: Bash is incorrectly and inconsistently expanding tilde in $PATH
Date: Thu, 4 May 2017 09:54:07 -0500
On Wed, May 3, 2017 at 5:40 PM, Nikolay Aleksandrovich Pavlov (ZyX)
<kp-pav@yandex.ru> wrote:
[...]
> If $PATH in bash contains ~ (e.g. `PATH='~/bin'`) it is incorrectly treated
> as if $HOME is present.
Hm. You can start bash in POSIX mode
(https://www.gnu.org/software/bash/manual/bash.html#Bash-POSIX-Mode)
if you want to disable this feature. i.e.
dualbus@debian:~$ bash --posix -c 'printf "%s\n" "#!/bin/bash" "echo hi" > ~/cmd; chmod +x ~/cmd; PATH=\~; declare -p PATH; cmd'
declare -x PATH="~"
bash: cmd: command not found
dualbus@debian:~$ bash -c 'printf "%s\n" "#!/bin/bash" "echo hi" > ~/cmd; chmod +x ~/cmd; PATH=\~; declare -p PATH; cmd'
declare -x PATH="~"
hi
Bash's behavior here is intentional, by the way. Review the function
find_in_path_element in
http://git.savannah.gnu.org/cgit/bash.git/tree/findcmd.c?h=devel#n527;
it will perform tilde expansion if the path component starts with a
tilde. Perhaps it should be documented under
https://www.gnu.org/software/bash/manual/bash.html#Bourne-Shell-Variables
that bash treats tildes inside PATH specially.
Also, I think it's a bit of a stretch to call this a security problem.
The scenario you describe (a user having a directory literally named
`~' with a bin subdirectory, a malicious program creating evil
binaries in $HOME/bin, the user having a misconfigured PATH, ...) is
highly unlikely.
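
A PATH audit for the behaviour described in this message, as an added example that is not part of the original post or of bash itself: it lists the components that start with a literal tilde, which bash outside POSIX mode tilde-expands during command lookup. The function name literal_tilde_path_entries and the sample PATH strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report PATH components that begin
# with a literal tilde. The function name is hypothetical.
literal_tilde_path_entries() (
    # $1: PATH-style string to audit; defaults to the current $PATH.
    # The body runs in a subshell, so the IFS and noglob changes stay local.
    path_string=${1-$PATH}
    IFS=:
    set -f   # split on ':' only, never glob-expand a component
    for entry in $path_string; do
        case $entry in
            '~'|'~/'*)
                # Directory that tilde expansion yields when HOME is set.
                rest=${entry#'~'}
                printf '%s -> %s\n' "$entry" "$HOME$rest" ;;
            '~'*)
                # ~user form: flagged, but left unresolved in this sketch.
                printf '%s -> (~user form, not resolved here)\n' "$entry" ;;
        esac
    done
)

# Constructed sample PATH; single quotes keep the tildes literal.
literal_tilde_path_entries '/usr/local/bin:~/bin:/usr/bin:~'
```

Any line printed is a component that bash in its default mode searches as the expanded directory, while bash --posix treats it as a directory literally named with a tilde.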