[CDBUG-talk] Sysadmin blog
bcallah at devio.us
Sun Nov 16 23:10:00 EST 2014
On 11/16/14 23:04, Patrick Muldoon wrote:
>> On Nov 16, 2014, at 10:49 PM, Jaime <jaime at snowmoon.com
>> <mailto:jaime at snowmoon.com>> wrote:
>> On Sun, Nov 16, 2014 at 10:24 PM, Brian Callahan <bcallah at devio.us
>> <mailto:bcallah at devio.us>> wrote:
>>>> 1) Isn't the shebang that you suggested still hardcoded? When the
>>>> script is taken to a new OS, wouldn't there still be a risk of it
>>>> breaking? Has env just been in Unix for so long that its always in
>>> You're right: env is not guaranteed to be in /usr/bin but it is the
>>> historical location of env, so it will work on Linuxes and BSDs (and
>>> Solaris/AIX/HP-UX). Pretty much it's an anomaly if env isn't in
>>> /usr/bin and
>>> it's also extremely likely bash, if available, wouldn't be in /bin
>>> on such a
>>> system anyway!
>> Gotcha. So the path of env is more consistent across different OSs
>> than bash's is. Therefore, its just more likely to work without
>> modification due to this "accident" of history. Do I understand?
> I’ve not run into anything recent that doesn’t have env in /usr/bin
> but I have plenty of stuff that doesn’t have bash there :) (for
> systems that I have bash installed that I might actually want to run,
> it would be /usr/local/bin/ and this would include my mac as I don’t
> use the OSX provided version of it or zsh —my preferred shell for
> interactive use).
>>> Because env searches your PATH, you could install a newer/custom bash
>>> (remember shellshock?) elsewhere and have your scripts use that new bash
>>> without editing the script (provided your PATH is set up to hit the
>>> new bash
>> Its funny that you bring up shellshock. I was just wondering if using
>> env would increase the likelihood of running a malicious program that
>> happened to be called "bash" if a user managed to put it into my $PATH
> If you don’t trust your path, you’re pretty much screwed regardless :)
> But this is also part of the argument (and newbie tripper upper)
> against having CWD in your path. So you cannot be tricked into
> running something that you didn’t expect to run.
I recently had a conversation with someone whose .profile read
The initial . threw me for a loop at first.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the CDBUG-talk