Bug 8327 - CWD is is in path if two consecutive colons appear in $PATH
Summary: CWD is is in path if two consecutive colons appear in $PATH
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: bash
Version: 6.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2000-01-10 12:42 UTC by David Balažic
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2000-01-12 19:53:27 UTC

Attachments (Terms of Use)

Description David Balažic 2000-01-10 12:42:57 UTC
bash-1.14.7-16 searches the CWD even if it is not in $PATH,
when there are two consecutive colons in the $PATH value or
the PATH strings ends with a colon. Examples :
PATH="/bin:/usr/bin:/usr/local/bin"   is OK
PATH="/bin:/usr/bin:/usr/local/bin:."  includes CWD , is OK
PATH="/bin:/usr/bin::/usr/local/bin"   includes CWD , BUG !
PATH="/bin:/usr/bin:/usr/local/bin:"   includes CWD , BUG !

Comment 1 David Balažic 2000-01-10 17:17:59 UTC
A guy from the bash-bug mail list says that this is intended and I
discovered that tcsh behaves the same.
But on redhat 6.0 when the root starts an xterm ( or a kterm or gnome-term,
I don't remember ) in and KDE ( or GNOME ) session, he has the CWD implicitly
( due to this "bug" ) in his PATH, but not when logging on /dev/tty1 .
Having CWD in PATH is a security problem, especialy for root and
if the fact is "hidden" by this "bug".

Comment 2 Bernhard Rosenkraenzer 2000-01-12 19:53:59 UTC
It is not a bug, and you don't end up with a "broken" PATH (with two colons or a
colon at the end) unless you edit .bashrc, .bash_profile or the likes to change
your PATH.

Comment 3 Riley H Williams 2000-01-18 14:09:59 UTC
Not sure if it's related, but the version of RedHat 6.0 distributed on the cover
of Linux Answers magazine will install a system where every user (including
root) gets a PATH that BEGINS with a colon. Does that cause the same problem?

Memory says that the path given to root on such installations is as follows:

        +--- That's the miscreant...


Note You need to log in before you can comment on or make changes to this bug.