Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

security risk in source builtin?

X-seq: zsh-users 6584
From: Dominik Vogt <dominik.vogt@xxxxxx>
To: Zsh Users <zsh-users@xxxxxxxxxx>
Subject: security risk in source builtin?
Date: Tue, 16 Sep 2003 16:58:20 +0200
Mail-followup-to: Zsh Users <zsh-users@xxxxxxxxxx>
Mailing-list: contact zsh-users-help@xxxxxxxxxx; run by ezmlm
Reply-to: dominik.vogt@xxxxxx

A colleague and I just noticed that the "source" builtin looks for
its argument in the $PATH.  I guess that's something POSIX
demands, but isn't it also a security risk?  In this case, the
following happened:

  $ ls -F
  test
  $ cat test
  echo hello world
  $ source test
  /usr/bin/test:3: bad pattern: ^@^F^@(...

Unless it is really important to have this behaviour for
compatibility reasons, shouldn't searching the $PATH be at least
disabled by default?

Ciao

Dominik ^_^  ^_^

Follow-Ups:
- Re: security risk in source builtin?
  - From: Thomas Köhler

Messages sorted by: Reverse Date, Date, Thread, Author