Re: Bash should reset OLDPWD upon login, *only*.

[L A Walsh]

Chet Ramey wrote:
> On 10/1/17 7:30 PM, L A Walsh wrote:
>
>   
> > Only in the case of login -- they user CAN'T set it before they login, but
> > someone **could** have changed the system /etc/profile script to set OLDPWD
> > to /hang (i.e. someone is behaving "maliciously"). 
> >     
>
> Login shells rarely get OLDPWD from the environment. How about checking
> OLDPWD only if it appears in the environment, which would avoid the
> set-maliciously-in-etc-profile problem?
>
> That is consistent with the current behavior for importing PWD.
>   
That's fine w/me -- I was just concerned about a local DoS, if someone
could "pollute" the login stuff.  The run-time (in a session, not
login) behavior(s) have to be "controlled" by the process that spawned
bash -- I don't see how it could be easily justified to have bash
changing ENV vars unexpectedly in mid-session, when the user has
control via the parent process.

Hmm... there is a bash.bashrc in /etc.... I wonder if that's
a problem.  I wouldn't think it would be as much of a prob, as by
default, I don't think it is called on @ login.  Either way, @ login
or in bashrc-- it's a pretty remote possibility, so unless it could be
made more serious than just a long delay or wait I'm not so sure how
much effort should be invested.  Certainly something to think about
and be ready to change if something worse comes up.

I'll bet the win7-reboot on my cygwin install is limited to my machine
given how it's windows-install is limping (my event-recorder (syslogd)
won't run and MS doesn't know why -- even running an "in-place"
install/upgrade to reset things didn't fix it; only way to likely fix
it is to start with a new system directory & registry which would also
require a reinstall of all SW: Never something to look forward to.