[Discuss] Program path maintenance and security (was Re: Debian 12 vs. WSL 1)
Bill Bogstad
bogstad at pobox.com
Wed Jun 21 19:07:53 EDT 2023
On Wed, Jun 21, 2023 at 12:36 PM Derek Martin <invalid at pizzashack.org> wrote:
>
> On Tue, Jun 20, 2023 at 03:39:59PM -0500, Derek Martin wrote:
> > My script exactly demonstrates the point I made: You can't
> > compromise a script (or other program) in the manner you described
> > when it takes care on its own behalf that its PATH is set up properly.
I haven't noticed anyone calling out the issue of where interpreters
are installed.
Do I put
#!/bin/perl
or
#!/usr/bin/perl
or maybe
/opt/bin/perl
at the top of my Perl script. I vaguely recall some incantation that
you can use (maybe involving env?)
to grovel through your PATH and find the interpreter, but from other
messages on the list that sounds like
a potential security problem.
Bill Bogstad
P.S. It looks like the man page for env on my Linux system has an
example of the incantation necessary,
but it still looks like a security risk.
More information about the Discuss
mailing list