Red Hat Bugzilla – Bug 8327
CWD is is in path if two consecutive colons appear in $PATH
Last modified: 2008-05-01 11:37:53 EDT
bash-1.14.7-16 searches the CWD even if it is not in $PATH,
when there are two consecutive colons in the $PATH value or
the PATH strings ends with a colon. Examples :
PATH="/bin:/usr/bin:/usr/local/bin" is OK
PATH="/bin:/usr/bin:/usr/local/bin:." includes CWD , is OK
PATH="/bin:/usr/bin::/usr/local/bin" includes CWD , BUG !
PATH="/bin:/usr/bin:/usr/local/bin:" includes CWD , BUG !
A guy from the bash-bug mail list says that this is intended and I
discovered that tcsh behaves the same.
But on redhat 6.0 when the root starts an xterm ( or a kterm or gnome-term,
I don't remember ) in and KDE ( or GNOME ) session, he has the CWD implicitly
( due to this "bug" ) in his PATH, but not when logging on /dev/tty1 .
Having CWD in PATH is a security problem, especialy for root and
if the fact is "hidden" by this "bug".
It is not a bug, and you don't end up with a "broken" PATH (with two colons or a
colon at the end) unless you edit .bashrc, .bash_profile or the likes to change
Not sure if it's related, but the version of RedHat 6.0 distributed on the cover
of Linux Answers magazine will install a system where every user (including
root) gets a PATH that BEGINS with a colon. Does that cause the same problem?
Memory says that the path given to root on such installations is as follows:
+--- That's the miscreant...