Bug#162291: Bug in executable completion: unable to handle .. it $PATH

2009-01-07 Thread Richard Hartmann
On Wed, Jan 7, 2009 at 21:49, Peter Stephenson wrote:
> Since the path is still absolute I don't see how this could affect
> security, either, except maybe at second hand... if you sanitized the
> early part of the path but didn't look for "..", so the component could
> end up pointing out of tha

Bug#162291: Bug in executable completion: unable to handle .. it $PATH

2009-01-07 Thread Peter Stephenson
Bart Schaefer wrote:
> On Jan 7, 8:09pm, Peter Stephenson wrote:
> }
> } This is done explicitly in the code, but I have no idea why; it precedes
> } the CVS archive. The function isrelative() is only used by hashdir().
>
> I believe it's a security thing, so that an inherited $PATH can't fool
>

Bug#162291: Bug in executable completion: unable to handle .. it $PATH

2009-01-07 Thread Bart Schaefer
On Jan 7, 8:09pm, Peter Stephenson wrote:
}
} This is done explicitly in the code, but I have no idea why; it precedes
} the CVS archive. The function isrelative() is only used by hashdir().

I believe it's a security thing, so that an inherited $PATH can't fool
someone into executing code from a

Bug#162291: Bug in executable completion: unable to handle .. it $PATH

2009-01-01 Thread Vincent Lefevre
On 2009-01-01 17:24:17 +0100, Richard Hartmann wrote:
> roadwarrior% touch foobin
> roadwarrior% chmod +x foobin
> roadwarrior% export PATH=/home/richih/killme
> roadwarrior% fo
> foofoobin forforeach
> roadwarrior% export PATH=/home/richih/../richih/killme
> roadwarrior% fo
> r

Bug#162291: Bug in executable completion: unable to handle .. it $PATH

2009-01-01 Thread Richard Hartmann
Hi all,

don't ask me why anyone would use .. in $PATH, but here goes:

roadwarrior% touch foobin
roadwarrior% chmod +x foobin
roadwarrior% export PATH=/home/richih/killme
roadwarrior% fo
foofoobin forforeach
roadwarrior% export PATH=/home/richih/../richih/killme
roadwarrior% fo