On 7/5/06, Boyd Stephen Smith Jr. <[EMAIL PROTECTED]> wrote:
On Saturday 03 June 2006 16:11, znx <[EMAIL PROTECTED]> wrote about 'Re:
[gentoo-user] bash wizardry needed: PATH and MANPATH grow and grow and
grow':
> On 27/05/06, Kevin O'Gorman <[EMAIL PROTECTED]> wrote:
> >  Open to debate.  I'd think it's not very dangerous at the *end* of
> > the PATH.
>
> True, I have modified the script so that a . may enter the PATH (etc)
> only as the final entry. Also good point about ~/bin .. it is just as
> dangerous.

Actually, it's not as dangerous.  ~/bin is a well-known location that is
(normally) only writable by the user themselves.  '.' is a floating
location, that may (from time to time) refer to a directory that is
world-writable like /tmp, /var/tmp, or /dev/shm.

Having '.' in your path allows arbitrary guest users to run programs with
your permissions.  Putting it at the end of your PATH prevents them from
shadowing existing commands, but doesn't prevent them from taking
advantage of typos.

Having ~/bin or even just ~ in your PATH does not open this security hole
unless you also make that directory world writable.

Good point.


I've also fooled around with the script a bit, and arrived at something that's
easier for me to read, and a bit more permissive.  YMMV


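compresspath ()
{
   local var="${1:-PATH}"   # arg 1: name of the variable; default to PATH
   local newpath=:
   local entry
   local -a entries
   # split on ":" only, so entries containing spaces or glob characters survive
   IFS=: read -r -a entries <<< "${!var}"
   for entry in "${entries[@]}"
   do
       [ -n "$entry" ] || continue   # drop empty entries (same as before)
       case $newpath in
           *":${entry}:"*)       # already there -- do nothing
           ;;
           *)
               newpath=$newpath$entry:
           ;;
       esac
   done
   newpath="${newpath#:}"    # drop leading ":"
   newpath="${newpath%:}"    # drop trailing ":"
   printf -v "$var" '%s' "$newpath"   # assign by name without eval
}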

++ kevin

--
Kevin O'Gorman, PhD
--
gentoo-user@gentoo.org mailing list
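
An added example, not part of the original message or of either poster's script: a check for the PATH entries discussed in this thread, flagging relative entries such as '.', empty entries (which the shell also searches as the current directory), and absolute directories that are world-writable. The function name `audit_path` and the wording of its findings are made up for this illustration.

```sh
# audit_path [STRING]: print one finding per risky entry of a PATH-style
# string (default: $PATH). Exit status is 1 if anything was flagged.
# The body is a subshell, so IFS and noglob changes do not leak out.
audit_path() (
    value="${1-$PATH}:"   # appended ":" keeps a final empty entry from being dropped
    status=0
    IFS=:                 # split on ":" only
    set -f                # never glob-expand an entry
    for entry in $value; do
        case $entry in
            '')
                echo "empty entry (searched as the current directory)"
                status=1
                ;;
            /*)
                # Absolute entry: a problem only if other users can create
                # files in it. find -L follows symlinks (/bin -> /usr/bin)
                # so the directory's own mode is tested, not the link's.
                if [ -d "$entry" ] &&
                   [ -n "$(find -L "$entry" -prune -perm -0002 2>/dev/null)" ]
                then
                    echo "world-writable: $entry"
                    status=1
                fi
                ;;
            *)
                # ".", "bin", "../tools": the directory searched changes
                # with every cd, so it may end up being /tmp or similar.
                echo "relative: $entry"
                status=1
                ;;
        esac
    done
    exit "$status"
)
```

Sourced into a shell, `audit_path` with no argument checks the current PATH, and `audit_path "$MANPATH"` checks any other colon-separated list.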
