Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!uunet!mcsun!ukc!keele!nott-cs!piaggio!anw
From: anw@maths.nott.ac.uk (Dr A. N. Walker)
Newsgroups: comp.unix.questions
Subject: Re: Which script (was Re: comp.unix.questions)
Message-ID: <1990Sep18.170708.10601@maths.nott.ac.uk>
Date: 18 Sep 90 17:07:08 GMT
References: <1990Sep7.152354.9439@ecn.purdue.edu> <563@DIALix.UUCP> <1990Sep13.151130.10215@maths.nott.ac.uk> <572@DIALix.UUCP>
Reply-To: anw@maths.nott.ac.uk (Dr A. N. Walker)
Organization: Maths Dept., Nott'm Univ., UK.
Lines: 42

In article <572@DIALix.UUCP> bernie@DIALix.oz.au (Bernd Felsche) writes:
[re my comment that any script that determines how it was called is
easily spoofed]

>IMHO: Your shell is broken. Not my script. On all the real bourne
>shells I've tested this on (two so far) the results are dependent on
>the _environment_ PATH setting.
>
>Your shell is not using PATH as set in the environment, only its
>internal working space value.

	Well, our PDP 11 is now deceased, so I can't run a *real*
Bourne shell [the one in pseudo Algol] without compiling up the source,
but I think you have misunderstood "my" result. Sorry if this was
caused by lack of clarity in the original; let me try again.

	Suppose I am running a shell [A], and invoke a sub-shell [B].
In B, I set "PATH=/something/or/other", without exporting it. This
PATH is now used to find commands. I invoke a shell script "spoof".
This script is run with $0 set to "spoof", but it does *not* inherit
PATH from B. Thus "spoof" is actually "/something/or/other/spoof",
but there is nothing in the environment *of "spoof"* that enables it
to recover this information. In the shells instantly available to me,
PATH is in fact inherited from A, so anything that *"spoof"* does to
discover how it was called is likely to be wrong, depending on the
ingenuity of the PATH setting in A.

	By working slightly harder (eg, writing a C program), "spoof"
can be supplied with whatever $0 and PATH (or anything else in the
environment, such as IFS) a bad guy likes. Thus, any shell script
that includes code like

	case $0 in
		foo) some command
	esac

is insecure. Of course, code that searches "$PATH" is perfectly OK
for run-of-the-mill utility scripts, where only the caller is hurt if
the script does something unexpected.

-- 
Andy Walker, Maths Dept., Nott'm Univ., UK.
anw@maths.nott.ac.uk
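
Added example, not part of the original post: the `case $0` pattern from the post beside a variant that pins PATH and IFS itself, each run under a caller-chosen name and PATH. The script names, the `foo`/`bar` link names and `/constructed/dir` are constructed for the demonstration, and the caller picks the name with a symlink here rather than the C program the post mentions.

```shell
#!/bin/sh
# Added example; every file name and PATH value here is constructed.

setup_demo() {
    demo_dir=$(mktemp -d) || return 1
    # "Before": branches on $0 and trusts the inherited PATH, as in the post.
    cat >"$demo_dir/naive" <<'EOF'
case $0 in
    */foo) echo "branch=foo path=$PATH" ;;
    *)     echo "branch=default path=$PATH" ;;
esac
EOF
    # "After": pins PATH and IFS itself and takes no decision from $0.
    cat >"$demo_dir/pinned" <<'EOF'
PATH=/usr/bin:/bin; export PATH
unset IFS
echo "branch=default path=$PATH"
EOF
}

# Run script $1 under caller-chosen name $2 with caller-chosen PATH $3.
# Started through /bin/sh so the demo does not depend on the exec bit.
run_as() {
    ln -sf "$demo_dir/$1" "$demo_dir/$2"
    env -i PATH="$3" /bin/sh "$demo_dir/$2"
}

setup_demo || exit 1
run_as naive  bar /usr/bin:/bin      # branch=default path=/usr/bin:/bin
run_as naive  foo /constructed/dir   # branch=foo path=/constructed/dir
run_as pinned foo /constructed/dir   # branch=default path=/usr/bin:/bin
rm -rf "$demo_dir"
```

The second run shows both values arriving from the caller unchanged; the third shows the script's own assignments replacing them before any command is looked up.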