bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bash has the current working directory in PATH by default


From: Chris F.A. Johnson
Subject: Re: Bash has the current working directory in PATH by default
Date: Sun, 6 Jun 2004 06:19:11 -0400 (EDT)

yOn Sat, 5 Jun 2004, Christian Biere wrote:

Hi,

I incidently found a reply to my bug report with Google. As you could
have expected I am not subscribed to address@hidden or whatever.

    The mailing list is also posted to the gnu.bash.bug newsgroup (it
    appears to be working now); you can read replies there.

Anyway, you're right I missed this in the manpage. Does this change
anything? I don't think so.

     It points out that you subject line contains an incorrect
     assertion; bash does NOT have "the current working directory in
     PATH by default".

     If it was in the environment variable PATH when bash was invoked,
     then it will be included; if it was not there, it will not be
     included.

You often have to work with a system you haven't set up yourself,
and you might not even be aware - or check that /bin/sh is actually
bash.

     It would be the same for any shell.

Blah blah blah...  Do you really expect me to throw hundreds of
real-life examples involving a dot in PATH?  Do you think you can
fix issues by a stupid RTFM?

     Yes and no. After reading the man page, you should be aware that
     the problem is not with bash, but with the calling environment.

     It tells you where the problem needs to be fixed (i.e., before
     bash is invoked).

What's next? "We sell rope."? Actually, all you have to miss in the
documentation is *two* fuckin characters.

     Only two? The relevant clause is, "The default path is
     system-dependent".

This is a SECURITY issue.

     While it is certainly inadvisable to put the current directory in
     one's PATH, the danger is fairly small if it is at the end of a
     regular user's PATH.

There a dozens if not hundreds of switches and buttons to push.
Don't you think this is a *little* too few of a hint?

     If you cannot fix the calling environment, then put a command in
     your .bash_profile and/or .bashrc file to remove the current
     directory if it is included in PATH.

--
        Chris F.A. Johnson                      http://cfaj.freeshell.org
        =================================================================
                Everything in moderation -- including moderation




reply via email to

[Prev in Thread] Current Thread [Next in Thread]