Re: Should I redefine PATH in my shell scripts



On Nov 27, 9:25 pm, Barry Margolin <bar...@xxxxxxxxxxxx> wrote:
In article <87tz9t55lu....@xxxxxxxxxxx>,
 Maxwell Lol <nos...@xxxxxxxxxxx> wrote:

James Kanze <james.ka...@xxxxxxxxx> writes:
If it is a script that might be executed as root, it is
absolutely essential, for security reasons, that you set
your path.  Otherwise, you don't know what you're getting.
 Which is a definite no-no as root.

Definite? I don't agree.

I don't think you can assume a script writer knows
more about the security of a system than the system admin.

James Kanze seems to be thinking of a script that's run by
root but with PATH somehow set by a non-root.  This could
conceivably happen if the OS allows setuid scripts, but
doesn't set a default PATH when performing the uid change.
 This would be analogous to a system that didn't reset
LD_LIBRARY_PATH when exec'ing a setuid executable.

Yes. Since it is a situation that I've actually seen. But even
otherwise; the person working as root could have set some other
path, in order to get the version of the utility he wants, but
that version could cause problems with your script. The person
who set the path knows which version of the utility he will get,
and how it behaves; the only way you, as a script author, can
know that is if you set the path.

--
James Kanze (GABI Software) email:james.kanze@xxxxxxxxx
Conseils en informatique orientée objet/
Beratung in objektorientierter Datenverarbeitung
9 place Sémard, 78210 St.-Cyr-l'École, France, +33 (0)1 30 23 00 34
.