To: Doug Barton
Cc: John Hay, Sheldon Hearn, arch@FreeBSD.ORG, brian@hak.lan.Awfulhak.org
Subject: Re: mergemaster: Change in description of envar handling
In-Reply-To: Message from Doug Barton of "Thu, 29 Jun 2000 12:05:25 PDT."
Date: Fri, 30 Jun 2000 11:09:03 +0100
From: Brian Somers

> On Thu, 29 Jun 2000, John Hay wrote:
>
> > >
> > > No. I already conceded part of this point a while back when I developed
> > > the .mergemasterrc mechanism so that people could specify their own PATH
> > > (among other things), so there is already a way out of this for those
> > > who are not interested in specifying the full path to their PAGER. I'm
> > > definitely not going to support a text change which moves away from
> > > encouraging "best practice."
> >
> > Can you tell me why it is good practise to use full paths for environment
> > variables, because I don't understand it.
>
> Essentially, it's the same argument as not putting '.' in the
> PATH. Are there bigger, more important security holes to worry
> about? Absolutely. That doesn't mean that doing what you can to improve
> security isn't worthwhile.

Sorry to press the point, but it's not. Having a PAGER with an
unqualified program is exactly as secure as your PATH.

Looking at the mergemaster code, it looks wrong.

o It's ok if PAGER = more - what's so special about more ?
o It checks if -x ${PAGER%% *} - looking potentially for an
  executable in the current directory.

I'm guilty of introducing that second bug...

Perhaps it should be this:

Index: mergemaster.sh =================================================================== RCS file: /home/ncvs/src/usr.sbin/mergemaster/mergemaster.sh,v retrieving revision 1.8 diff -u -r1.8 mergemaster.sh --- mergemaster.sh 2000/05/12 03:09:57 1.8 +++ mergemaster.sh 2000/06/30 10:04:40 
@@ -252,7 +252,7 @@ # case "${DONT_CHECK_PAGER}" in '') - while [ "${PAGER}" != "more" -a -n "${PAGER}" -a ! -x "${PAGER%% *}" ]; do + while ! type "${PAGER%% *}" >/dev/null && [ -n "$PAGER" ]; do echo " *** Your PAGER environment variable specifies '${PAGER}', but" echo " I cannot execute it. In general it is good practice to" echo " specify the full path for environment variables like"

Of course the more descriptive text stuff about PATH being altered
should still be added.

BTW, the [ -n "$PAGER" ] *should* be done first but isn't because
there seems to be a bug in sh where you can't say

    while program1 && ! program2

but you can say

    while ! program2 && program1

-- 
Brian

Don't _EVER_ lose your sense of humour !
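
Review bot: in the added "while" line, type "${PAGER%% *}" runs before [ -n "$PAGER" ], so an empty PAGER still reaches type with an empty argument, and only stdout is redirected; a shell that reports a failed lookup on stderr will print noise before the -n test ends the loop. Redirecting both streams (>/dev/null 2>&1) avoids that. Note also that type succeeds for shell builtins, functions and aliases as well as for files found through PATH, so a PAGER naming one of those passes the check. The unchanged echo lines that follow still advise specifying the full path, which no longer matches a check that accepts any name resolvable through PATH.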
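
The difference between the two checks discussed in the message above, as an added example that is not part of the original mail or of mergemaster. It uses "command -v" in place of the patch's "type" and tests for an empty value first; the function names, the scratch directory and the file "fakepager" are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: pre-patch PAGER test versus a PATH-based lookup.
# old_check, path_check, demo and "fakepager" are constructed names.

# Pre-patch logic (the removed line): the loop is skipped when PAGER is
# "more", empty, or when [ -x ] is true for its first word. A relative
# name is resolved by [ -x ] against the current directory.
old_check() {
    pager=$1
    [ "$pager" = "more" ] || [ -z "$pager" ] || [ -x "${pager%% *}" ]
}

# PATH-based check: an empty value is accepted up front; otherwise the
# first word must resolve through command -v (assumption: used here
# instead of "type", with both output streams discarded).
path_check() {
    pager=$1
    [ -z "$pager" ] && return 0
    command -v "${pager%% *}" >/dev/null 2>&1
}

# Create an executable that is NOT on PATH, cd next to it, and report
# how each check treats the bare name and a real PATH command.
demo() {
    scratch=$(mktemp -d) || return 1
    printf '#!/bin/sh\ncat\n' > "$scratch/fakepager"
    chmod +x "$scratch/fakepager"
    (
        cd "$scratch" || exit 1
        PATH=/usr/bin:/bin      # no "." and no empty entry
        old_check "fakepager -s" && old=accept || old=reject
        path_check "fakepager -s" && new=accept || new=reject
        path_check "cat -v" && known=accept || known=reject
        echo "old=$old new=$new cat=$known"
    )
    rc=$?
    rm -rf "$scratch"
    return $rc
}

demo
```

The old test accepts the bare name only because of where the script happens to be run, while the PATH-based test gives the same answer from any directory.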