On 2017-05-04 at 10:11 -0500, Eduardo Bustamante wrote:
> On Thu, May 4, 2017 at 10:01 AM, Greg Wooledge <wool...@eeg.ccf.org> wrote:
> [...]
> > Without taking a side on whether this is a security bug in bash, I will
> > support the idea that users who put ~/bin (or similar) in PATH should
> > be educated to make sure the ~ is expanded, rather than literal. This
> > will protect them even if bash gets patched, because most of them will
> > still be using an older/unpatched version.
>
> So should bash print a warning whenever it performs tilde expansion in
> one of the PATH components? (similar to the warning it prints when
> discarding NUL bytes).

No. IMHO the fix would be to expand ~ at assignment time, even when quoted, i.e. PATH='~/bin' would be equivalent to PATH=~/bin

Thus, assignments of ~/whatever done in bash would continue working, and descendants using an execvp() function would not find a bare tilde but the expanded path, which is the 'expected' thing.

(And for people that really want a literal ~ in PATH, that is already «broken» in bash, so if they expect that to be kept, they should not be doing so within bash)
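
Added example, not part of the original thread: a POSIX shell check for the condition discussed above, a PATH component that begins with a literal, unexpanded tilde. The function name audit_path, the sample PATH and the home directory /home/alice are constructed for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING [HOMEDIR]
# Reports every PATH component that starts with a literal '~'.
# Output: one line per finding, "<position><TAB><component><TAB><expanded form>".
# Returns 1 if at least one literal tilde was found, 0 otherwise.
audit_path() {
    path_value=$1
    home_dir=${2:-$HOME}
    found=0
    index=0
    # Append a colon so the last component goes through the same loop.
    rest="$path_value:"
    while [ -n "$rest" ]; do
        component=${rest%%:*}
        rest=${rest#*:}
        index=$((index + 1))
        case $component in
            '~'|'~/'*)
                # Literal ~ or ~/dir: show what the user most likely meant.
                expanded="$home_dir${component#'~'}"
                printf '%s\t%s\t%s\n' "$index" "$component" "$expanded"
                found=1
                ;;
            '~'*)
                # ~user form: do not guess another account's home directory.
                printf '%s\t%s\t%s\n' "$index" "$component" "(expand manually)"
                found=1
                ;;
        esac
    done
    return "$found"
}

# Constructed sample: the second entry was assigned with quotes, so the
# tilde was stored literally instead of being expanded at assignment time.
SAMPLE_PATH='/usr/local/bin:~/bin:/usr/bin:/bin'
audit_path "$SAMPLE_PATH" /home/alice || echo "literal tilde in PATH: fix the assignment"
```

Running it against the real environment is `audit_path "$PATH"`; a finding means the assignment should use an unquoted ~ or "$HOME/bin" so that every program sees the same directory.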