Re: Absolute pathnames to commands in shell scripts

From: Stephane CHAZELAS (this.address_at_is.invalid)
Date: 01/29/04

  • Next message: nospam55: "Re: bash: how to restore output to the term after exec>FILE?"
    Date: Thu, 29 Jan 2004 18:35:16 +0100
    
    

    2004-01-29, 16:33(+00), Michael Tosch:
    [...]
    >> [[ -x $MYPROG ]] || { print -u2 "$MYPROG: No such executable";
    >> exit 1; }
    >
    > The existence of executable tools like ls,awk,sed can often be taken
    > for granted.
    > On the other hand, most differences are in tools' behavior, arguments,
    > capabilities.

    On SUSv3 conformant systems, in a SUSv3 conformant script
    interpreted by a SUSv3 conformant shell,

    PATH=$(command -p getconf PATH)${PATH+:$PATH}
    export PATH

    ensures that all the utilities specified at
    http://www.opengroup.org/onlinepubs/007904975/utilities/contents.html
    exist and conform to that specification.

    [...]
    >
    > If security matters, nail it down (PATH and IFS).
    > The normal method is to prepend it:
    >
    > PATH=/bin:/usr/bin:/opt/myapps/mybin:$PATH
    >
    > If you *want* the users to take influence, append it:
    >
    > PATH=${PATH}:/bin:/usr/bin:/opt/myapps/mybin

    IFS is not a problem. Depending on the shell/the script there
    may be problems with ENV, BASH_ENV, FIGNORE, SHELLOPTS, ARGV0, HOME,
    ZDOTDIR, FPATH, LANG, LC_*, TMOUT (funny with bash and ksh93),
    LD_PRELOAD, SHLIB_PATH, LD_LIBRARY_PATH, all sorts of other
    dynamic linker variables, STTY, TMPPREFIX... some of which you
    can't do anything against (as it's too late when the script is
    started).

    ~$ FIGNORE='!(..)' ksh93 -c 'echo rm -rf *'
    rm -rf ..

    If a user wants to break a script, he'll always be able to do
    so, he can edit the script and put garbage in it.
    I think it's enough to only fix what the user might have
    reasonably changed, for the rest, the user is to be blamed if
    the script failed because of an unexpected value for a variable.

    -- 
    Stéphane                      ["Stephane.Chazelas" at "free.fr"]
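
A script preamble along the lines discussed in this message, as an added example that is not part of the original post: it applies the `command -p getconf PATH` idiom and unsets those variables from the list above that can still be dealt with once the script is running. The function names, the `SUSPECT_VARS` selection, the `/bin:/usr/bin` fallback and the sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the post. POSIX sh.

# Names from the list in the post. SHELLOPTS (read-only in bash), ARGV0,
# HOME and the locale variables are left out: they need a per-script
# decision rather than a blanket unset.
SUSPECT_VARS='ENV BASH_ENV FIGNORE FPATH ZDOTDIR TMOUT LD_PRELOAD
LD_LIBRARY_PATH SHLIB_PATH STTY TMPPREFIX'

# Print the listed variables that are set in the current environment.
report_suspect_env() {
    for _v in $SUSPECT_VARS; do
        # ${NAME+x} expands to "x" only when NAME is set, even if empty.
        eval "[ -n \"\${$_v+x}\" ]" && printf '%s\n' "$_v"
    done
    return 0
}

# Put the standard utilities first in PATH (the idiom from the post) and
# unset the listed variables for the rest of the script and its children.
sanitize_env() {
    # Assumption: fall back to /bin:/usr/bin if getconf is unavailable.
    _std=$(command -p getconf PATH 2>/dev/null) || _std=/bin:/usr/bin
    PATH=$_std${PATH+:$PATH}
    export PATH
    for _v in $SUSPECT_VARS; do
        unset "$_v"
    done
}

# Demo in a subshell, with constructed values standing in for a caller's
# environment.
(
    FIGNORE='!(..)' ZDOTDIR=/tmp/constructed
    export FIGNORE ZDOTDIR
    echo "set on entry:" $(report_suspect_env)
    sanitize_env
    echo "set afterwards:" $(report_suspect_env)
    echo "PATH=$PATH"
)
```

Variables that the shell or the dynamic linker reads before the first line of the script runs are out of reach of a preamble like this one, which is the "too late" case mentioned above.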
    
