Subject: Re: bin/6794: sh(1) . (dot) command reads files in current directory if not found in the PATH
To: None <email@example.com>
From: Geoff Wing <firstname.lastname@example.org>
Date: 01/13/1999 08:47:29
ITOH Yasufumi <email@example.com> typed:
:In article <19990112183320.A17763@noc.untraceable.net>
:> > 1. The . (dot) command of sh(1) reads file from current directory
:> > if the argument doesn't contain slashes and the named file
:> > is not found in PATH.
:> > This may be a potential security problem.
:> problem or not...i believe this is the historical behavior and
:> shouldn't be removed.
:Shell searches the path and then the current directory
: zsh 3.0.4 "." command
:Shell does not look at the command search path
: zsh 3.0.4 "source" command
You've been fibbing about zsh:
``.'' : if no slash in command, then search path
``source'' : as ``.'' but cwd is preprended to path
POSIX (older draft) says:
If file does not contain a slash, the shell shall use the search path
specified by PATH to find the directory containing file. Unlike normal
command search, however, the file searched for by the dot utility need
not be executable. If no readable file is found, a noninteractive shell
shall abort; an interactive shell shall write a diagnostic message to
standard error, but this condition shall not be considered a syntax
188.8.131.52 dot Rationale. (This subclause is not a part of P1003.2)
Some older implementations searched the current directory for the file,
even if the value of PATH disallowed it. This behavior was omitted from
POSIX.2 due to concerns about introducing the susceptibility to trojan
horses that the user might be trying to avoid by leaving dot out of PATH.
Geoff Wing <firstname.lastname@example.org> Mobile : 0412 162 441
Work URL: http://www.primenet.com.au/ Ego URL: http://pobox.com/~gcw/