GNU bug report logs - #19998
GREP_OPTIONS alternative?

Previous Next

Package: grep;

Reported by: Christian Kujau <lists <at> nerdbynature.de>

Date: Wed, 4 Mar 2015 07:09:02 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Christian Kujau <lists <at> nerdbynature.de>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 19998-done <at> debbugs.gnu.org
Subject: bug#19998: GREP_OPTIONS alternative?
Date: Fri, 13 Mar 2015 21:13:19 -0700 (PDT)

On Fri, 13 Mar 2015 at 19:11, Paul Eggert wrote:
> > An "attacker" can set $PATH to /tmp and do stuff too.
> 
> Sure, but that's well-known and standardized and it's easy (and expected) for
> administrative applications to sanitize PATH.  The problem comes when we have

s/PATH/TMPDIR/ - or LD_PRELOAD or LD_LIBRARY_PATH, etc. All "well known" 
and "potentially dangerous" if not cared for.

I relalize of course  that you won't change your mind about GREP_OPTIONS, 
but I'm a bit surpised that such a visible change in userspace was done 
w/o any consideration of the users of said feature. Oh well...

Christian.
-- 
BOFH excuse #338:

old inkjet cartridges emanate barium-based fumes
This bug report was last modified 10 years and 134 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.