[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bashbug chooses wrong $EDITOR executable

From: Chet Ramey
Subject: Re: bashbug chooses wrong $EDITOR executable
Date: Tue, 16 Jun 2009 21:38:21 -0400
User-agent: Thunderbird (Macintosh/20090302)

Bob Proulx wrote:
> Chet Ramey wrote:
>> Villeneuve wrote:
>>> Fix:
>>>     Do not prepend system paths in front of PATH in the bashbug script.
>>>     Instead, these default paths could be appended to PATH if necessary.
>> To do otherwise is a potential security hole.
> It seems okay to leave PATH alone to me.  Why set it at all?
> I don't see the security issue that you are concerned about.  Could
> you educate me?

I suppose it's not a large security hole if $EDITOR is used, only
when bashbug chooses $DEFEDITOR.

Frankly, though, it's a good idea to set PATH to have the standard
binary directories before any others when writing a shell script,
especially one that can be run by root.  That's just good practice.

``The lyf so short, the craft so long to lerne.'' - Chaucer

Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]