On Fri, 13 Mar 2015 at 19:11, Paul Eggert wrote:

> > An "attacker" can set $PATH to /tmp and do stuff too.
>
> Sure, but that's well-known and standardized and it's easy (and expected) for
> administrative applications to sanitize PATH. The problem comes when we have

s/PATH/TMPDIR/ - or LD_PRELOAD or LD_LIBRARY_PATH, etc. All "well known" and
"potentially dangerous" if not cared for.

I realize of course that you won't change your mind about GREP_OPTIONS, but
I'm a bit surprised that such a visible change in userspace was done w/o any
consideration of the users of said feature. Oh well...

Christian.

--
BOFH excuse #338:
old inkjet cartridges emanate barium-based fumes
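
The following is an added example, not part of the original message or of grep: one way an administrative script can sanitize the variables named in this exchange by building the child environment from an allowlist. The helper names `run_scrubbed` and `flag_risky`, the `SAFE_PATH` and `SAFE_TMPDIR` values and the `KEEP_VARS` list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. run_scrubbed and flag_risky are
# hypothetical helper names; SAFE_PATH, SAFE_TMPDIR and KEEP_VARS are assumed policy.

# Fixed values chosen by the script, never inherited from the caller.
SAFE_PATH='/usr/sbin:/usr/bin:/sbin:/bin'
SAFE_TMPDIR='/tmp'
# Sanitize PATH first so env(1) below is not looked up via the caller's PATH.
PATH=$SAFE_PATH
export PATH

# Variables copied from the caller when set. Everything else is dropped,
# including LD_PRELOAD, LD_LIBRARY_PATH and GREP_OPTIONS.
KEEP_VARS='HOME LOGNAME USER TZ LANG LC_ALL TERM'

# Print the names of risky variables the caller had set, e.g. for a log line.
flag_risky() {
    for _name in LD_PRELOAD LD_LIBRARY_PATH GREP_OPTIONS TMPDIR; do
        # ${VAR+x} expands to "x" only when VAR is set, even if empty.
        if eval "[ -n \"\${$_name+x}\" ]"; then
            printf '%s\n' "$_name"
        fi
    done
}

# Run "$@" with an environment built from the allowlist only.
run_scrubbed() {
    for _name in $KEEP_VARS; do
        if eval "[ -n \"\${$_name+x}\" ]"; then
            eval "_val=\$$_name"
            # Prepend NAME=value to the argument list; quoting keeps spaces intact.
            set -- "$_name=$_val" "$@"
        fi
    done
    env -i PATH="$SAFE_PATH" TMPDIR="$SAFE_TMPDIR" "$@"
}

# When invoked with arguments, act as a wrapper: ./scrub.sh some-command args...
if [ "$#" -gt 0 ]; then
    run_scrubbed "$@"
fi
```

An allowlist is used rather than unsetting known-bad names because the set of variables that change program behaviour keeps growing, which is the point both sides of the exchange make about PATH, TMPDIR and the LD_* variables.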