On 5/4/17 5:00 PM, Ángel wrote:
> No. IMHO the fix would be to expand ~ at assignment time, even when
> quoted, i.e. PATH='~/bin' would be equivalent to PATH=~/bin
No. The semantics of expansion in quoted strings are well defined.
Performing tilde expansion on a quoted string in an assignment stat
On 5/3/17 6:40 PM, Nikolay Aleksandrovich Pavlov (ZyX) wrote:
> Bash Version: 4.3
> Patch Level: 48
> Release Status: release
>
> Description:
> If $PATH in bash contains ~ (e.g. `PATH='~/bin'`) it is incorrectly treated
> as if $HOME is present.
Yes. This is one of the oldest fe
On 2017-05-04 at 10:11 -0500, Eduardo Bustamante wrote:
> On Thu, May 4, 2017 at 10:01 AM, Greg Wooledge wrote:
> [...]
> > Without taking a side on whether this is a security bug in bash, I will
> > support the idea that users who put ~/bin (or similar) in PATH should
> > be educated to make sure
04.05.2017, 17:54, "Eduardo Bustamante":
> On Wed, May 3, 2017 at 5:40 PM, Nikolay Aleksandrovich Pavlov (ZyX)
> wrote:
> [...]
>> If $PATH in bash contains ~ (e.g. `PATH='~/bin'`) it is incorrectly treated
>> as if $HOME is present.
>
> Hm. You can start bash in POSIX mod
On Thu, May 4, 2017 at 10:01 AM, Greg Wooledge wrote:
[...]
> Without taking a side on whether this is a security bug in bash, I will
> support the idea that users who put ~/bin (or similar) in PATH should
> be educated to make sure the ~ is expanded, rather than literal. This
> will protect them
On Thu, May 04, 2017 at 09:54:07AM -0500, Eduardo Bustamante wrote:
> Also, I think it's a bit of a stretch to call this a security problem.
> The scenario you describe (a user having a directory literally named
> `~' with a bin subdirectory, a malicious program creating evil
> binaries in $HOME/bi
Here's a previous discussion on that subject:
- http://lists.gnu.org/archive/html/bug-bash/2014-07/msg00022.html
- https://lists.gnu.org/archive/html/bug-bash/2014-08/msg2.html
On Wed, May 3, 2017 at 5:40 PM, Nikolay Aleksandrovich Pavlov (ZyX)
wrote:
[...]
> If $PATH in bash contains ~ (e.g. `PATH='~/bin'`) it is incorrectly treated
> as if $HOME is present.
Hm. You can start bash in POSIX mode
(https://www.gnu.org/software/bash/manual/bash.html#Bash
configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: x86_64-pc-linux-gnu-gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu'
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/s