On Sun 2015-12-13 06:17:07 -0500, Tomi Ollila wrote: > Actually now that I sent this mail it kept rolling on my mind... If anyone > else than me (and libgpgme?) thinks that '.' should not be in search path > we could do
fwiw, i agree that . should *not* be in the search path. > if (getenv("PATH") == NULL) { > path_set = true; > setenv("PATH", "/bin:/usr/bin", 1); // XXX *BSD configurability // > } > else path_set = false; > > ... g_find_program_in_path("gpg2") > ... g_find_program_in_path("gpg") > > if (path_set) { > unsetenv("PATH"); I'm game for something like this, but i've got a queue of patches i'm about to send that would provide a different place to make this change, so i'm not making it now. please keep this in mind, though :) > I also thought of examining the return value starting with ./ but > (current or) future version of g_find_program_in_path() might > canonicalize the returned path... i'm not sure what this suggestion means -- do you mean checking to see whether the returned value started with ./ ? If so, I agree that this seems like a not very robust way to protect against this problem. Should we maybe also be reporting this as a bug against g_find_program_in_path ? --dkg _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch