bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bashbug chooses wrong $EDITOR executable


From: Daniel
Subject: Re: bashbug chooses wrong $EDITOR executable
Date: Tue, 16 Jun 2009 19:41:29 -0700 (PDT)
User-agent: G2/1.0

On Jun 16, 9:38 pm, Chet Ramey <address@hidden> wrote:
> Bob Proulx wrote:
> > It seems okay to leave PATH alone to me.  Why set it at all?

I agree.  If as a user I care to set my environment in some specific
way, I expect other programs to honour my settings.
If all my scripts were resetting PATH and hardcoding #!/bin/sh, it
would be much harder to install and use newer versions of programs
(bash included).

> > I don't see the security issue that you are concerned about.  Could
> > you educate me?

> I suppose it's not a large security hole if $EDITOR is used, only
> when bashbug chooses $DEFEDITOR.

Would it be better to set DEFEDITOR to the real path which was tested
just before?
As in:

        elif [ -x /usr/contrib/bin/jove ]; then
                DEFEDITOR=/usr/contrib/bin/jove # instead of just jove

It would seem more robust to me, since /usr/contrib/bin is not
necessarily in PATH.

> Frankly, though, it's a good idea to set PATH to have the standard
> binary directories before any others when writing a shell script,
> especially one that can be run by root.  That's just good practice.

Would a fix prepending system paths if user = root be a better
approach?
Or even reset PATH completely?

if [ $(/usr/bin/id -u) -eq 0 -o $(/usr/bin/id -r) -eq 0 ]; then
  PATH=$(/usr/bin/getconf PATH)
fi

--
Daniel




reply via email to

[Prev in Thread] Current Thread [Next in Thread]