[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#19998: GREP_OPTIONS alternative?
|
From: |
Christian Kujau |
|
Subject: |
bug#19998: GREP_OPTIONS alternative? |
|
Date: |
Fri, 13 Mar 2015 21:13:19 -0700 (PDT) |
|
User-agent: |
Alpine 2.19.4 (DEB 40 2013-11-18) |
On Fri, 13 Mar 2015 at 19:11, Paul Eggert wrote:
> > An "attacker" can set $PATH to /tmp and do stuff too.
>
> Sure, but that's well-known and standardized and it's easy (and expected) for
> administrative applications to sanitize PATH. The problem comes when we have
s/PATH/TMPDIR/ - or LD_PRELOAD or LD_LIBRARY_PATH, etc. All "well known"
and "potentially dangerous" if not cared for.
I relalize of course that you won't change your mind about GREP_OPTIONS,
but I'm a bit surpised that such a visible change in userspace was done
w/o any consideration of the users of said feature. Oh well...
Christian.
--
BOFH excuse #338:
old inkjet cartridges emanate barium-based fumes
- bug#19998: GREP_OPTIONS alternative?, (continued)
- bug#19998: GREP_OPTIONS alternative?, Norihiro Tanaka, 2015/03/05
- bug#19998: GREP_OPTIONS alternative?, Christian Kujau, 2015/03/05
- bug#19998: GREP_OPTIONS alternative?, Paul Eggert, 2015/03/11
- bug#19998: GREP_OPTIONS alternative?, Christian Kujau, 2015/03/11
- bug#19998: GREP_OPTIONS alternative?, Paul Eggert, 2015/03/11
- bug#19998: GREP_OPTIONS alternative?, Christian Kujau, 2015/03/11
- bug#19998: GREP_OPTIONS alternative?, Paul Eggert, 2015/03/11
- bug#19998: GREP_OPTIONS alternative?, Santiago Ruano Rincón, 2015/03/12
- bug#19998: GREP_OPTIONS alternative?, Christian Kujau, 2015/03/13
- bug#19998: GREP_OPTIONS alternative?, Paul Eggert, 2015/03/13
- bug#19998: GREP_OPTIONS alternative?,
Christian Kujau <=