From: "Kevin O'Gorman"
To: gentoo-user@lists.gentoo.org
Date: Fri, 7 Jul 2006 11:31:38 -0700
Subject: Re: [gentoo-user] bash wizardry needed: PATH and MANPATH grow and grow and grow

On 7/5/06, Boyd Stephen Smith Jr. wrote:
> On Saturday 03 June 2006 16:11, znx wrote about 'Re:
> [gentoo-user] bash wizardry needed: PATH and MANPATH grow and grow and
> grow':
> > On 27/05/06, Kevin O'Gorman wrote:
> > > Open to debate. I'd think it's not very dangerous at the *end* of
> > > the PATH.
> >
> > True, I have modified the script so that a . may enter the PATH (etc)
> > only as the final entry. Also good point about ~/bin .. it is just as
> > dangerous.
>
> Actually, it's not as dangerous. ~/bin is a well-known location that is
> (normally) only writable by the user themselves. '.' is a floating
> location, that may (from time to time) refer to a directory that is
> world-writable like /tmp, /var/tmp, or /dev/shm.
>
> Having '.' in your path allows arbitrary guest users to run programs with
> your permissions. Putting it at the end of your PATH prevents them from
> shadowing existing commands, but doesn't prevent them from taking
> advantage of typos.
>
> Having ~/bin or even just ~ in your PATH does not open this security hole
> unless you also make that directory world writable.

Good point.

I've also fooled around with the script a bit, and arrived at something
that's easier for me to read, and a bit more permissive. YMMV

    compresspath () {
        local var="${1:-PATH}"    # arg 1; default to $PATH
        local newpath=:
        local entry
        for entry in ${!var//:/ };    # change ":" to space (so separates words)
        do
            case $newpath in
                *:"${entry}":*)    # already there -- do nothing
                    ;;
                *)
                    newpath=$newpath$entry:
                    ;;
            esac
        done
        newpath="${newpath#:}";    # drop leading ":"
        newpath="${newpath%:}";    # drop trailing ":"
        eval "$var"'="${newpath}"'
    }

++ kevin

--
Kevin O'Gorman, PhD

--
gentoo-user@gentoo.org mailing list
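The risk discussed in this thread ('.' or an empty entry in PATH, and PATH directories that other users can write to) can be checked mechanically. The following is an added example, not code from the thread: the function name audit_path and its output format are assumptions, and it is written in POSIX sh syntax (plus `local`) so it runs under bash as well.

```bash
#!/bin/sh
# Added example, not from the original post. audit_path is a hypothetical name.
# Prints one finding per risky entry of a colon-separated search path and
# returns 1 if anything was flagged, 0 otherwise.
# Usage: audit_path "$PATH"
audit_path() {
    local rest entry found
    rest="$1:"      # terminate every entry with ":" so empty ones stay visible
    found=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}       # text before the first ":"
        rest=${rest#*:}         # everything after it
        case $entry in
            ''|.)
                # An empty entry and "." both mean "whatever directory I am in".
                printf 'cwd: [%s]\n' "$entry"; found=1; continue ;;
            /*) ;;
            *)
                # Any other non-absolute entry also floats with the cwd.
                printf 'relative: %s\n' "$entry"; found=1; continue ;;
        esac
        # Absolute entry: flag it if any user may create files in it.
        # -H resolves a symlinked entry; -prune stops find from descending.
        if [ -n "$(find -H "$entry" -prune -type d -perm -0002 2>/dev/null)" ]; then
            printf 'world-writable: %s\n' "$entry"; found=1
        fi
    done
    return "$found"
}
```

Splitting with parameter expansion instead of an unquoted expansion keeps empty entries (a leading, trailing or doubled ":") visible, so they are reported rather than silently dropped.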