[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Perhaps more than CDPATH is risky
From: |
geoff |
Subject: |
Perhaps more than CDPATH is risky |
Date: |
Fri, 15 Aug 2008 03:38:57 -0700 (PDT) |
Configuration Information [Automatically generated, do not change]:
Machine: i586
OS: linux-gnu
Compiler: gcc -I/usr/src/packages/BUILD/bash-3.2
-L/usr/src/packages/BUILD/bash-3.2/../readline-5.2
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i586'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i586-suse-linux-gnu'
-DCONF_VENDOR='suse' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL
-DHAVE_CONFIG_H -I. -I. -I./include -I./lib -O2 -march=i586 -mtune=i686
-fmessage-length=0 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -g -D_GNU_SOURCE
-DRECYCLES_PIDS -Wall -pipe -g -fPIE -fprofile-use
uname output: Linux bow 2.6.22.13-0.3-default #1 SMP 2007/11/19 15:02:58 UTC
i686 i686 i386 GNU/Linux
Machine Type: i586-suse-linux-gnu
Bash Version: 3.2
Patch Level: 25
Release Status: release
Description:
With respect to my previous report on CDPATH, Werner Fink of
SuSE (now Novell) has some additional comments:
Maybe there are some more variables which are normaly used in
interactive mode but also available in script mode. The question
rises how many scripts are out there relying on such variables
like CDPATH and others:
#!/bin/bash
CDPATH=/tmp
tmp=$(mktemp -d ${CDPATH}/${0##*/}.XXXXXX) || exit 1
wrk=${tmp##*/}
cd $wrk
Repeat-By:
I think somebody needs to audit bash to ask the following questions:
(1) If environment variable X is imported to a script, what
are the bad effects?
(2) What is the probability that a script writer will remember
to reset X? (Heck, how many scripts even reset IFS? And
that's been well known about sh for 20 years.)
(3) If X is disabled in non-interactive mode, what are the bad
results?
(4) Is it sufficient to null out X on startup, and then let
the script reset it if it chooses?
Without doing the audit, I'd guess that the answer to #4 is
nearly always (or, more likely, always) yes.
Fix:
[Description of how to fix the problem. If you don't know a
fix for the problem, don't include this section.]
- Perhaps more than CDPATH is risky,
geoff <=