[patch] bug #7 -- which(1) is b0rked
Rob Landley
rob at landley.net
Wed Aug 31 22:08:32 UTC 2005
On Wednesday 31 August 2005 08:06, Paul Fox wrote:
> > Hi,
> >
> > http://bugs.busybox.net/view.php?id=7
> >
> > sizes are inlined in the patch.
> >
> >
> > PS: please see the bug-comment wrt '::' and let me know if i should deal
> > with it or not.
>
> i've added a note to the bug, which bernhard has probably seen by
> now, but for the list: the issue is that "which" doesn't treat
> empty directories in $PATH as the current directory, and
> therefore won't always find executables that the shell would
> find. PATH has always been interpreted this way by /bin/sh, as
> well as by bash. (though the man page doesn't say so -- that's a
> serious omission, in my opinion).
When an accidental colon can put the current directory into the path, and this
fact isn't even documented anywhere, that's a security hole waiting to
happen. We should not support that. We should _document_ that we don't
support it, and we should document that it's an undocumented "feature" in
other shells.
If you want to put . in the path, be explicit. It's just 1 extra character.
Rob
More information about the busybox
mailing list