Bug 8327 - CWD is is in path if two consecutive colons appear in $PATH
CWD is is in path if two consecutive colons appear in $PATH
Product: Red Hat Linux
Classification: Retired
Component: bash (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
: Security
Depends On:
  Show dependency treegraph
Reported: 2000-01-10 07:42 EST by David Balažic
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-01-12 14:53:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description David Balažic 2000-01-10 07:42:57 EST
bash-1.14.7-16 searches the CWD even if it is not in $PATH,
when there are two consecutive colons in the $PATH value or
the PATH strings ends with a colon. Examples :
PATH="/bin:/usr/bin:/usr/local/bin"   is OK
PATH="/bin:/usr/bin:/usr/local/bin:."  includes CWD , is OK
PATH="/bin:/usr/bin::/usr/local/bin"   includes CWD , BUG !
PATH="/bin:/usr/bin:/usr/local/bin:"   includes CWD , BUG !
Comment 1 David Balažic 2000-01-10 12:17:59 EST
A guy from the bash-bug mail list says that this is intended and I
discovered that tcsh behaves the same.
But on redhat 6.0 when the root starts an xterm ( or a kterm or gnome-term,
I don't remember ) in and KDE ( or GNOME ) session, he has the CWD implicitly
( due to this "bug" ) in his PATH, but not when logging on /dev/tty1 .
Having CWD in PATH is a security problem, especialy for root and
if the fact is "hidden" by this "bug".
Comment 2 Bernhard Rosenkraenzer 2000-01-12 14:53:59 EST
It is not a bug, and you don't end up with a "broken" PATH (with two colons or a
colon at the end) unless you edit .bashrc, .bash_profile or the likes to change
your PATH.
Comment 3 Riley H Williams 2000-01-18 09:09:59 EST
Not sure if it's related, but the version of RedHat 6.0 distributed on the cover
of Linux Answers magazine will install a system where every user (including
root) gets a PATH that BEGINS with a colon. Does that cause the same problem?

Memory says that the path given to root on such installations is as follows:

        +--- That's the miscreant...


Note You need to log in before you can comment on or make changes to this bug.