On Thu, May 4, 2017 at 10:01 AM, Greg Wooledge <wool...@eeg.ccf.org> wrote:
[...]
> Without taking a side on whether this is a security bug in bash, I will
> support the idea that users who put ~/bin (or similar) in PATH should
> be educated to make sure the ~ is expanded, rather than literal. This
> will protect them even if bash gets patched, because most of them will
> still be using an older/unpatched version.
So should bash print a warning whenever it performs tilde expansion in
one of the PATH components? (similar to the warning it prints when
discarding NUL bytes).
Something like:
dualbus@debian:~/src/gnu/bash$ ./bash -c 'PATH="~"; cmd'
./bash: warning: command lookup: performing tilde expansion due to
literal `~' found in PATH
hi
dualbus@debian:~/src/gnu/bash$ git diff -- findcmd.c
diff --git a/findcmd.c b/findcmd.c
index c3f00a40..12d3ac2d 100644
--- a/findcmd.c
+++ b/findcmd.c
@@ -524,7 +524,12 @@ find_in_path_element (name, path, flags,
name_len, dotinfop)
int status;
char *full_path, *xpath;
- xpath = (posixly_correct == 0 && *path == '~') ? bash_tilde_expand
(path, 0) : path;
+ if (posixly_correct == 0 && *path == '~') {
+ internal_warning ("%s", "command lookup: performing tilde
expansion due to literal `~' found in PATH");
+ xpath = bash_tilde_expand (path, 0);
+ } else {
+ xpath = path;
+ }
/* Remember the location of "." in the path, in all its forms
(as long as they begin with a `.', e.g. `./.') */
