Path: utzoo!attcan!uunet!know!samsung!munnari.oz.au!uniwa!DIALix!bernie
From: bernie@DIALix.UUCP (Bernd Felsche)
Newsgroups: comp.unix.questions
Subject: Re: Which script (was Re: comp.unix.questions)
Summary: PATH handling incomaptibilities??
Keywords: shell environment
Message-ID: <572@DIALix.UUCP>
Date: 15 Sep 90 10:24:14 GMT
Expires: 30 Sep 90 00:00:00 GMT
References: <1990Sep7.152354.9439@ecn.purdue.edu> <563@DIALix.UUCP> 
		<1990Sep13.151130.10215@maths.nott.ac.uk>
Reply-To: bernie@DIALix.oz.au (Bernd Felsche)
Organization: DIALix Services, Perth Western Australia
Lines: 26

In article <1990Sep13.151130.10215@maths.nott.ac.uk> anw@maths.nott.ac.uk (Dr A. N. Walker) writes:
>	Just to point out that any such script is easily spoofed, in case
>this is a security- or accounting-related problem.  Try something like
>
>	$ PATH=/something/innocuous export PATH
>	$ /bin/sh
>	$ PATH=/secret/directory	# note, no export
>	$ spoof
>
>and "spoof" will look for itself in "/something/innocuous", even though it
>was found in "/secret/directory".  At least, it does in SunOS 4.0.3, and it
>does with our somewhat modded SysV shell, though I don't remember seeing
>anywhere a definition of what *should* happen if an exported variable is
>masked by an unexported one.

IMHO: Your shell is broken.  Not my script.  On all the real bourne 
shells I've tested this on (two so far) the results are dependent on 
the _environment_ PATH setting.

Your shell is not using PATH as set in the environment, only its
internal working space value.

Perhaps somebody on the net can elucidate as to the divergence in
philosophy. (I get polysyllabic after 6 hours of reading news.)

bernie.