On Sun, Jan 13, 2013 at 11:04:08AM -0600, Maximo Pech wrote: > At work, we have an "information security" area for IT. > > They mandate that on all shell scripts we have to use absolute paths for > every single command. > > I feel that this does not provide real security and only makes scripts > somewhat more painful to write. > > What's your opinion on this?
That does provide ways less security than setting the PATH to a system-only path at the beginning of your script. Looks like you've got an intermediate-level shell programmer thinking he knows everything about security. (okay, that was mean). Sure, you invoke programs with an absolute path, but have you checked that those programs don't invoke other programs with execvp ? LOCALE and LANG also come to mind... so does LD_PRELOAD and LD_LIBRARY_PATH just for starters.
