Update of bug #65804 (group findutils):
Status: None => Working as Intended
Assigned to: None => berny
_______________________________________________________
Follow-up Comment #1:
"~" is a meta-character known by the shell, and the shell
should usually expand it to the same value as "$HOME".
Still, in PATH environment variable, one should only have the
expanded value, i.e., not the literal '~/bin', because
that would really mean a relative directory with name '~/bin'.
The following illustrates the problematic PATH setting:
$ mkdir dir
$ env PATH="~/bin:$PATH" find dir -execdir realpath '{}' \;
find: The relative path ‘~/bin’ is included in the PATH environment
variable, which is insecure in combination with the -execdir action of find.
Please remove that entry from $PATH
$ env PATH="$HOME/bin:$PATH" find dir -execdir realpath '{}' \;
/tmp/dir
Thus, I am convinced that this is a real problem in your PATH
setting, and not a problem in find(1) ... and actually find(1)
brought that topic up to you which is good. :-)
Hence I'm hereby setting this to works-as-intended.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?65804>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
