Hello All,
It seems that sh has a variable that exists and doesn't exist at the
same time (see my shell session below). Isn't such transition between
existence and non-existence reserved for quantum mechanics and eastern
philosophy? My guess is that sh has become more vigilant about
security and the exec statement. Can anyone venture a better guess as
to how the output below might happen? What's the best way around
this? But the real question is: Can the people at ccp4 look at this
and make changes to the code base before these kinds of security
features become more commonplace (for the good reason to prevent
injection attacks)?
For example: http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/
Here is my shell session:
chernev 10% cat `which ccp4i`
#!/bin/sh
# Start ccp4i interface
# \
echo CCP4I_TCLTK is $CCP4I_TCLTK
exec ${CCP4I_TCLTK}/bltwish "$0" -- ${1+"$@"}
source [file join $env(CCP4I_TOP) bin ccp4i.tcl]
chernev 11%
chernev 12% ccp4i
CCP4I_TCLTK is /usr/local/X11/bin
Error in startup script: can't read "CCP4I_TCLTK": no such variable
while executing
"exec ${CCP4I_TCLTK}/bltwish "$0" -- ${1+"$@"}"
(file "/usr/local/ccp4-6.1.1/bin/ccp4i" line 5)
