|
From: | Paul Eggert |
Subject: | bug#19998: GREP_OPTIONS alternative? |
Date: | Fri, 13 Mar 2015 19:11:36 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 |
Christian Kujau wrote:
An "attacker" can set $PATH to /tmp and do stuff too.
Sure, but that's well-known and standardized and it's easy (and expected) for administrative applications to sanitize PATH. The problem comes when we have lots of mysterious little environment variables any of which can wreak havoc.
[Prev in Thread] | Current Thread | [Next in Thread] |