On Mon, Jan 14, 2013 at 1:49 PM, Claer <cl...@claer.hammock.fr> wrote:
> On Sun, Jan 13 2013 at 04:11, Maximo Pech wrote:
>> At work, we have an "information security" area for IT.
>>
>> They mandate that on all shell scripts we have to use absolute paths for
>> every single command.
>>
>> I feel that this does not provide real security and only makes scripts
>> somewhat more painful to write.
>>
>> What's your opinion on this?
>
> I saw that technique used, but not for security reasons. Is it the only
> recommendation they've done or there are others?
>
> Because if it is the only one, then you can break through this pretty easily:
> $ export IFS='/
> '

POSIX 2.5.3, Shell Variables, IFS:

Implementations may ignore the value of IFS in the environment, or the
absence of IFS from the environment, at the time the shell is invoked,
in which case the shell shall set IFS to <space> <tab> <newline> when
it is invoked.

"may" isn't a requirement, but what's a standard if a significant
amount of implementations agree on what's right?

andres@pote:~/tmp $ IFS=asd bash -c 'echo "$IFS"' | vis
 \t\$
\$
andres@pote:~/tmp $ IFS=asd ksh -c 'echo "$IFS"' | vis
 \t\$
\$

therefore I conclude that you are talking out of your poopy hole
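
The check from the message above, written as a reusable script. This is an added example, not part of the original thread; the function names are made up here, and the second check goes slightly beyond the thread by confirming that a literal absolute-path command still runs when `IFS=/` is exported.

```shell
#!/bin/sh
# Added example (not from the thread): does a shell discard an IFS value
# inherited from the environment, as POSIX 2.5.3 permits?

# POSIX default IFS: <space><tab><newline>. The trailing "x" guards the
# newline, which command substitution would otherwise strip.
DEFAULT_IFS_GUARDED=$(printf ' \t\nx')

# resets_ifs SHELL
# 0 = SHELL ignored the exported IFS, 1 = SHELL kept it, 2 = SHELL did not run.
resets_ifs() {
    got=$(env IFS=asd "$1" -c 'printf "%sx" "$IFS"') || return 2
    [ "$got" = "$DEFAULT_IFS_GUARDED" ]
}

# abs_path_runs SHELL
# 0 = a command written with an absolute path still executes in SHELL when
# IFS=/ is exported. Field splitting applies to the results of expansions,
# not to literal words in the script text.
abs_path_runs() {
    abs=$(command -v env) || return 2   # absolute path of an external utility
    out=$(env IFS=/ "$1" -c "$abs printf ok") || return 1
    [ "$out" = ok ]
}

# report SHELL...
# One line per shell, suitable for an audit of the interpreters on a host.
report() {
    for candidate in "$@"; do
        if ! command -v "$candidate" >/dev/null 2>&1; then
            echo "$candidate: not installed"
        elif resets_ifs "$candidate" && abs_path_runs "$candidate"; then
            echo "$candidate: resets inherited IFS, absolute paths unaffected"
        else
            echo "$candidate: honours inherited IFS, set IFS explicitly in scripts"
        fi
    done
}

report sh bash ksh
```

Scripts that must run under an interpreter reported as honouring the inherited value can assign `IFS` themselves before the first expansion.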
