bug-findutils

[bug #18576] -execdir vs. PATH


From: Eric Blake
Subject: [bug #18576] -execdir vs. PATH
Date: Fri, 29 Dec 2006 20:43:41 +0000
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1 Mnenhy/0.7.4.666

Follow-up Comment #8, bug #18576 (project findutils):

True, any command that invokes another app (nice, su, nohup, ...) can perform
PATH searches.  But is this really find's problem?  It is not sensible to
teach find about every program that invokes one of its arguments as another
program.  Maybe a compromise is in order: if PATH contains relative elements,
find should always issue a warning, regardless of whether command or its
arguments have a /, on the grounds that the invoked command may also cause an
insecure PATH search.  Additionally, if command does not contain /, and a PATH
search encounters a relative path before finding command, then find should
outright fail.  In other words, only fail when find can _prove_ that a
relative path search will occur, but warn the user of the security potential
without worrying about deciphering the semantics of how command will further
parse its arguments.


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?18576>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
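
The compromise proposed in the comment above, as an added C example (not findutils code and not part of the bug report). The name `check_execdir_path` and the three verdict values are hypothetical, and treating an empty PATH element as the current directory is an assumption based on POSIX behaviour.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum verdict { PATH_OK, PATH_WARN, PATH_FAIL };

/* Is dir[0..len)/command an executable regular file? */
static int found_in(const char *dir, size_t len, const char *command)
{
    char candidate[4096];
    struct stat st;
    int n = snprintf(candidate, sizeof candidate, "%.*s/%s", (int)len, dir, command);

    return n > 0 && (size_t)n < sizeof candidate
        && stat(candidate, &st) == 0 && S_ISREG(st.st_mode)
        && access(candidate, X_OK) == 0;
}

/* check_execdir_path is a hypothetical name, not a findutils function.
   PATH_FAIL: command has no '/' and the search reaches a relative element
              before locating command (a relative lookup is proven).
   PATH_WARN: PATH has a relative element, but its use cannot be proven.
   PATH_OK:   every element of PATH is absolute. */
enum verdict check_execdir_path(const char *path, const char *command)
{
    int has_slash = strchr(command, '/') != NULL;
    int found = 0, relative = 0;
    const char *p = path;

    for (;;) {
        size_t len = strcspn(p, ":");

        /* An empty element means the current directory, so it is relative. */
        if (len == 0 || p[0] != '/') {
            if (!has_slash && !found)
                return PATH_FAIL;
            relative = 1;
        } else if (!has_slash && !found) {
            found = found_in(p, len, command);
        }
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    return relative ? PATH_WARN : PATH_OK;
}
```

A command containing a `/` never yields `PATH_FAIL` here, because the wrapper it names (nice, su, nohup, ...) may or may not search PATH for its own arguments; that case is only ever a warning.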




