Dominik Vogt wrote [2003/09/17]:
> A colleague and I just noticed that the "source" builtin looks for
> its argument in the $PATH. I guess that's something POSIX
> demands, but isn't it also a security risk? In this case, the
> following happened:
>
> $ ls -F
> test
> $ cat test
> echo hello world
> $ source test
> /usr/bin/test:3: bad pattern: ^@^F^@(...
Are you really sure you typed "source" here?
> Unless it is really important to have this behaviour for
> compatibility reasons, shouldn't searching the $PATH be at least
> disabled by default?
Quoting the manpage:
source file [ arg ... ]
Same as ., except that the current directory is always searched
and is always searched first, before directo- ries in $path.
Testing myself:
/tmp> cat test
echo hello world
/tmp> ls -l test
-rw-r--r-- 1 jean-luc jean-luc 17 2003-09-17 08:49 test
/tmp> . test
/usr/bin/test:12: parse error near `)'
/tmp> source test
hello world
Seems you have typed ". test" :-)
. file [ arg ... ]
Read commands from file and execute them in the
current shell environment.
If file does not contain a slash, or if PATH_DIRS
is set, the shell looks in the components of $path
to find the directory containing file. Files
in the current directory are not read unless `.'
appears somewhere in $path. If a file named
`file.zwc' is found, is newer than file, and is the
compiled form (created with the zcompile
builtin) of file, then commands are read from that
file instead of file.
If any arguments arg are given, they become
the positional parameters; the old positional
parameters are restored when the file is done
executing. The exit status is the exit status of
the last command executed.
> Ciao
>
> Dominik ^_^ ^_^
Ciao,
Thomas
--
Thomas Köhler Email: jean-luc@xxxxxxxxxxxxxxxxx | LCARS - Linux
<>< WWW: http://jeanluc-picard.de | for Computers
IRC: jeanluc | on All Real
PGP public key available from Homepage! | Starships
Attachment:
pgpUE4637lmNH.pgp
Description: PGP signature