Bob Proulx wrote:
> Chet Ramey wrote:
>> Villeneuve wrote:
>>
>>> Fix:
>>>     Do not prepend system paths in front of PATH in the bashbug script.
>>>     Instead, these default paths could be appended to PATH if necessary.
>> To do otherwise is a potential security hole.
> 
> It seems okay to leave PATH alone to me.  Why set it at all?
> 
> I don't see the security issue that you are concerned about.  Could
> you educate me?

I suppose it's not a large security hole if $EDITOR is used, only
when bashbug chooses $DEFEDITOR.

Frankly, though, it's a good idea to set PATH to have the standard
binary directories before any others when writing a shell script,
especially one that can be run by root.  That's just good practice.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer

Chet Ramey, ITS, CWRU    c...@case.edu    http://cnswww.cns.cwru.edu/~chet/
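
The lookup-order point made in the reply above, as an added example that is not part of the original message or of the bashbug script: it resolves one command name under three PATH layouts (left alone, system directories appended as the proposed fix suggests, system directories prepended). The `SYSTEM_PATH` value, the helper function names and the stand-in `ls` file are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from bashbug): how one command name resolves under three
# PATH layouts. The directory list and the stand-in file are constructed.

# Assumption: the standard binary directories on this system.
SYSTEM_PATH=/usr/bin:/bin:/usr/sbin:/sbin

# Print the file the shell would execute for command $1 when PATH is $2.
resolve_cmd() {
    ( PATH=$2; command -v "$1" )
}

# Leave the caller's PATH alone.
path_inherited() { printf '%s\n' "$1"; }
# The proposed fix: append the system directories.
path_appended()  { printf '%s\n' "$1:$SYSTEM_PATH"; }
# The practice recommended in the reply: system directories before any others.
path_prepended() { printf '%s\n' "$SYSTEM_PATH:$1"; }

# Constructed scenario: the caller's PATH starts with a directory holding a
# harmless stand-in program that has the same name as a system tool.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '#!/bin/sh\necho "stand-in ls from caller PATH"\n' > "$demo_dir/ls"
chmod +x "$demo_dir/ls"
caller_path="$demo_dir:$SYSTEM_PATH"

# Show which file each layout would run for the bare name "ls".
for layout in inherited appended prepended; do
    p=$("path_$layout" "$caller_path")
    printf '%-10s -> %s\n' "$layout" "$(resolve_cmd ls "$p")"
done
```

Only the prepended layout resolves to the system copy; appending leaves the caller's directory first, so the result is the same as not touching PATH.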

