[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: Re: [patch] bug #7 -- which(1) is b0rked
From: Rob Landley <rob () landley ! net>
Date: 2005-08-31 22:08:32
Message-ID: 200508311708.32614.rob () landley ! net
[Download RAW message or body]
On Wednesday 31 August 2005 08:06, Paul Fox wrote:
> > Hi,
> >
> > http://bugs.busybox.net/view.php?id=7
> >
> > sizes are inlined in the patch.
> >
> >
> > PS: please see the bug-comment wrt '::' and let me know if i should deal
> > with it or not.
>
> i've added a note to the bug, which bernhard has probably seen by
> now, but for the list: the issue is that "which" doesn't treat
> empty directories in $PATH as the current directory, and
> therefore won't always find executables that the shell would
> find. PATH has always been interpreted this way by /bin/sh, as
> well as by bash. (though the man page doesn't say so -- that's a
> serious omission, in my opinion).
When an accidental colon can put the current directory into the path, and this
fact isn't even documented anywhere, that's a security hole waiting to
happen. We should not support that. We should _document_ that we don't
support it, and we should document that it's an undocumented "feature" in
other shells.
If you want to put . in the path, be explicit. It's just 1 extra character.
Rob
_______________________________________________
busybox mailing list
busybox@busybox.net
http://busybox.net/cgi-bin/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic