> Or you could simply ignore BASH_SOURCE_PATH in restricted mode.

Then the restricted shells will not have access to this new functionality.
I thought it could be useful if properly integrated.

> Or, at least, this should be an opt-in
> feature that the scripts to set up the
> restricted shells need to explicitly turn on
> instead of being automatically enabled
> through the existence of a variable BASH_SOURCE_PATH.

I think this is a very good idea, especially if we combine it with
the "no defaults" idea.

I'd like to propose that restricted shells disallow manipulation
of this variable, and on top of that set it to the empty string so
that no paths are searchable by default, regardless of which
default value was chosen at compilation time. Then we could
have some mechanism by which other code which prepares
the restricted shell sets the desired BASH_SOURCE_PATH, if any.

This way, the users of restricted shells also have to opt in
to benefit from the new behavior, and compatibility is enhanced.

I'm not sure what form the aforementioned
mechanism would take though. What do you say?

  -- Matheus
