bug-bash

Re: Bash is incorrectly and inconsistently expanding tilde in $PATH


From: Nikolay Aleksandrovich Pavlov (ZyX)
Subject: Re: Bash is incorrectly and inconsistently expanding tilde in $PATH
Date: Thu, 04 May 2017 19:22:58 +0300


04.05.2017, 17:54, "Eduardo Bustamante" <dualbus@gmail.com>:
> On Wed, May 3, 2017 at 5:40 PM, Nikolay Aleksandrovich Pavlov (ZyX)
> <kp-pav@yandex.ru> wrote:
> [...]
>>          If $PATH in bash contains ~ (e.g. `PATH='~/bin'`) it is incorrectly treated
>>          as if $HOME is present.
>
> Hm. You can start bash in POSIX mode
> (https://www.gnu.org/software/bash/manual/bash.html#Bash-POSIX-Mode)
> if you want to disable this feature. i.e.
>
>     dualbus@debian:~$ bash --posix -c 'printf "%s\n" "#!/bin/bash" "echo hi" > ~/cmd; chmod +x ~/cmd; PATH=\~; declare -p PATH; cmd'
>     declare -x PATH="~"
>     bash: cmd: command not found
>
>     dualbus@debian:~$ bash -c 'printf "%s\n" "#!/bin/bash" "echo hi" > ~/cmd; chmod +x ~/cmd; PATH=\~; declare -p PATH; cmd'
>     declare -x PATH="~"
>     hi

POSIX mode is inconvenient to use: different rc files, a bunch of differences 
regarding scripts, other things. No process substitution, this is a stopper.

>
> Bash's behavior here is intentional by the way, review the function
> find_in_path_element in
> http://git.savannah.gnu.org/cgit/bash.git/tree/findcmd.c?h=devel#n527,
> it will perform tilde expansion if the path component starts with a
> tilde. Perhaps it should be documented under
> https://www.gnu.org/software/bash/manual/bash.html#Bourne-Shell-Variables
> that bash treats tildes inside PATH specially.
>
> Also, I think it's a bit of a stretch to call this a security problem.
> The scenario you describe (a user having a directory literally named
> `~' with a bin subdirectory, a malicious program creating evil
> binaries in $HOME/bin, the user having a misconfigured PATH, ...) is
> highly unlikely.

There still is a consistency problem. $PATH is not a bash-specific variable for 
it to have bash-specific features, and I really saw such bugs in either the vim-dev 
or neovim bug tracker (not sure, can’t construct a good search to look for 
non-letter characters like tilde). More likely in Neovim because in Vim it 
would need to have &shell set not to bash.

Also actually found an [issue][1] in powerline, it does not have that many bugs 
to search. This is going to be a problem in all cases when bash is used with 
something which searches in $PATH, but is not bash, so if intentional it is 
a misfeature.

[1]: https://github.com/powerline/powerline/issues/850
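
An added check, not code from this thread or from bash itself: it lists the entries of a PATH value that begin with a literal `~` and shows, for one command, what a tilde-expanding lookup finds versus a lookup that takes the entry literally relative to the current directory. The function names and the demo layout are constructed; only `~` and `~/...` entries are modelled.

```shell
#!/usr/bin/env bash
# Added example: flag PATH entries that start with a literal "~" and show how
# the lookup differs between bash (tilde-expands, outside POSIX mode) and a
# searcher that takes the entry literally, relative to the current directory.

# expand_like_bash ENTRY: print ENTRY as a tilde-expanding lookup would use it.
# Assumption: only "~" and "~/..." are modelled; "~user" is left unchanged.
expand_like_bash() {
    case $1 in
        '~')   printf '%s\n' "$HOME" ;;
        '~/'*) printf '%s\n' "$HOME/${1#??}" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# is_cmd FILE: true if FILE is a regular executable file.
is_cmd() { [ -f "$1" ] && [ -x "$1" ]; }

# audit_path CMD PATHVALUE: one line per entry starting with "~":
#   ENTRY <TAB> bash=<path or -> <TAB> literal=<path or ->
audit_path() (
    cmd=$1 IFS=:
    set -f                                  # no globbing while splitting
    for entry in $2; do
        case $entry in '~'*) ;; *) continue ;; esac
        expanded=$(expand_like_bash "$entry")
        b=- l=-
        if is_cmd "$expanded/$cmd"; then b=$expanded/$cmd; fi
        if is_cmd "$entry/$cmd"; then l=$entry/$cmd; fi
        printf '%s\tbash=%s\tliteral=%s\n' "$entry" "$b" "$l"
    done
)

# Constructed demo: a throwaway HOME with bin/cmd, and a working directory
# holding a directory literally named "~" with its own bin/cmd.
demo() (
    t=$(mktemp -d) || exit 1
    mkdir -p "$t/home/bin" "$t/cwd/~/bin"
    printf '#!/bin/sh\necho from-home\n' > "$t/home/bin/cmd"
    printf '#!/bin/sh\necho from-literal\n' > "$t/cwd/~/bin/cmd"
    chmod +x "$t/home/bin/cmd" "$t/cwd/~/bin/cmd"
    (cd "$t/cwd" && HOME=$t/home audit_path cmd '/usr/bin:~/bin')
    rm -rf "$t"
)
demo
```

A line where `bash=` and `literal=` differ marks an entry on which bash and a non-expanding searcher would run different files, or on which only one of them finds the command.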


