[Slackbuilds-users] Add "unset CDPATH" at the head of SlackBuilds
Grissiom
chaos.proton at gmail.com
Mon Jul 12 08:02:32 UTC 2010
Hello,
In recent work, I know that it is better to unset CDPATH at the very
beginning of packaging scripts. There are tow reasons:
1, If CDPATH is not empty, cd will echo the dir name to stdout each
time changes pwd. This will mess up the output in some cases.
2, User can use CDPATH to mislead cd's search path and then _may_ do
something dangerous. For example:
~/test$ pwd
/home/grissiom/test
~/test$ cat t.sh
export CDPATH="$HOME/test"
cd $HOME
echo "I'm at" $PWD
cd test-cdpath
echo "I'm at" $PWD "now"
~/test$ file ./test-cdpath/
./test-cdpath/: directory
~/test$ file ~/test-cdpath/
/home/grissiom/test-cdpath/: directory
~/test$ sh t.sh
I'm at /home/grissiom
/home/grissiom/test/test-cdpath
I'm at /home/grissiom/test/test-cdpath now
You can see CDPATH can make cd don't change into folder under current
directory. This may lead to vulnerable problems in SlackBuilds.
This is tested in normal user but applicable to root.
--
Cheers,
Grissiom
More information about the SlackBuilds-users
mailing list