netbsd-bugs: Re: bin/6794: sh(1) . (dot) command reads files in current directory if not found in the PATH

Subject: Re: bin/6794: sh(1) . (dot) command reads files in current directory if not found in the PATH
To: None <twofsonet@graffiti.com>
From: ITOH Yasufumi <yasufu-i@is.aist-nara.ac.jp>
List: netbsd-bugs
Date: 01/13/1999 16:04:54

In article <19990112183320.A17763@noc.untraceable.net>
twofsonet@graffiti.com writes:

> > 1. The . (dot) command of sh(1) reads file from current directory
> >    if the argument doesn't contain slashes and the named file
> >    is not found in PATH.
> >    This may be a potential security problem.
> 
> problem or not...i believe this is the historical behavior and
> shouldn't be removed.
> 
> fwiw - csh does the exact same thing.

Well, I think the "source" command of csh is totally different from "." of sh.
"source" does not use the command search path at all.

I inspected other shells.

Shell searches the path only (does *not* look at the current directory)
	"." command of
		HP-UX 9.07	sh, ksh
		IRIX 6.2	sh, ksh
		NEXTSTEP 3.2J	sh
		OSF/1 4.0B	sh (Bourne shell and POSIX shell), ksh
		Solaris 2.4	sh, ksh
		SunOS 4.1.3_U1	sh

Shell searches the path and then the current directory
	ash (our shell)	"." command
	bash 1.14.7	"." and "source" commands
	zsh 3.0.4	"." command

Shell does not look at the command search path
	csh		"source" command
	tcsh 6.05.01	"source" command
	zsh 3.0.4	"source" command

... then, I think the . command of traditional Bourne and Korn shells
does not see current directory if not in the PATH.

What does the POSIX specify?

Thanks,
--
ITOH, Yasufumi <yasufu-i@is.aist-nara.ac.jp>, <itohy@netbsd.org>