Subject: bin/665: Bourne shell has CWD in default PATH
To: None <gnats-admin@NetBSD.ORG>
From: None <jhawk@MIT.EDU>
List: netbsd-bugs
Date: 12/29/1994 19:50:02
>Number:         665
>Category:       bin
>Synopsis:       Bourne shell has CWD in default PATH
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec 29 19:50:01 1994
>Originator:     John Hawkinson
>Release:        1.0
System: NetBSD lola-granola 1.0 NetBSD 1.0 (LOLA-DDB) #56: Sat Dec 17 13:51:12 EST 1994 fsf@lola-granola:/u1/usr/src/sys/arch/i386/compile/LOLA-DDB i386
Still a bug in 29 Dec 1994 -current.


The Bourne shell has a ":" in the default PATH, as defined in

 	{&vpath,	VSTRFIXED|VTEXTFIXED,		"PATH=:/bin:/usr/bin"},

This is inconsistatnt with the mentality that produced the "running
as root with dot in your PATH" message, and is a bit of insecurity/annoyance
nobody needs.

I noted this on current-users some time back, but it really is a bug.


	Invoke sh with no PATH in your environment.

	Remove the colon from the above line of var.c.