Control: forcemerge 781367 991959 Hi Ian,
On Fri, Aug 06, 2021 at 06:39:21PM +0100, Ian Jackson wrote: > Package: bash > Version: 5.1-3 > Severity: important > File: /bin/bash > Tags: security > > Observed behaviour: > > $ env - bash -c 'echo $PATH' > /usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:. > $ > > Expected behaviour: > > $ env - bash -c 'echo $PATH' > /usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin > $ > > dash gets this right. Tagging this "important" because having . on > the path is a security hazard which we mostly got rid of everywhere. > > Having . come back in unusual situations where bash makes up the PATH > is quite unexpected and surely not desirable. I guess we can merge this one with #781367, doing so now. Regards, Salvatore
