[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cannot declare local variables if they're readonly
|
From: |
Greg Wooledge |
|
Subject: |
Re: cannot declare local variables if they're readonly |
|
Date: |
Thu, 23 Jul 2015 08:13:21 -0400 |
|
User-agent: |
Mutt/1.4.2.3i |
On Thu, Jul 23, 2015 at 01:12:01AM +0200, isabella parakiss wrote:
> From variables.c
>
> The test against old_var's context
> level is to disallow local copies of readonly global variables (since I
> believe that this could be a security hole).
>
> Can you please explain how that can be a security hole?
People who use "readonly" are generally doing so in the context of a
"restricted shell" (yes, commence laughter) or other situation where
that specific variable is the key to unlocking something that the
administrator does not want the user to unlock. The entity who used
"readonly" is presumed to want that variable to remain unchanged, forever.
A typical example is PATH.
I am not advocating this security model. I'm just explaining the
rationale.
Re: cannot declare local variables if they're readonly, Stephane Chazelas, 2015/07/23
Re: cannot declare local variables if they're readonly, Chet Ramey, 2015/07/23