tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

-current's /etc/security wrongly detects "." in root's path

From Sat Jan 15 22:01:04 2011
Date: Sat, 15 Jan 2011 22:01:04 +0100
From: (Dennis den Brok)
Subject: -current's /etc/security wrongly detects "." in root's path
User-Agent: Heirloom mailx 12.4 7/29/08
Content-Type: text/plain; charset=us-ascii
Status: RO


if I'm not mistaken, the check whether root's $PATH contains "."
in /etc/security is wrong (at least for sh/ksh):

list="/etc/profile ${rhome}/.profile"
for i in $list; do
        unset PATH
        /bin/sh << end-of-sh > /dev/null 2>&1
                . $i
                list=\$\(echo \$PATH | /usr/bin/sed -e \
                        's/^:/.:/;s/:$/:./;s/::/:.:/g;s/:/ /g'\)
                        /bin/ls -ldgT \$list > $TMP1
        awk '{
                if ($10 ~ /^\.$/) {
                        print "\tThe root path includes .";

/etc/profile is empty by default, so 'ls' ends up being called
without pathname argument and printing the requested information
for ".".

The right thing to do seems to me to be removing the for-loop
and just including both /etc/profile and /root/.profile.


Dennis den Brok

Home | Main Index | Thread Index | Old Index