On Oct 15, 2008, at 7:40 AM, Luke Kanies wrote:
>
> On Oct 15, 2008, at 2:02 AM, David Schmitt wrote:
>>
>> Shouldn't path-attacks be averted by defining a puppet-local path
>> instead of hardcoding the path to a binary?
>
> Hmm, I was thinking of cases where people could add items to a
> legitimate path, but I guess you're right -- one normally only worries
> about people's ability to modify user-writable paths.
>
> I guess I can't come up with a good reason to want fully qualified
> binaries, but I apparently do. :/

FWIW, my vote would be (strongly) for always executing fully-specified binaries, rather than relying on $PATH to do the right thing.

If $PATH is set and controlled correctly, it shouldn't make much of a difference... but at the very least, it seems easier to verify a single path than to verify that $PATH is set everywhere correctly. (Although, I guess even with a full path, you'd need to make sure $IFS is set correctly, at least on some OSs...)

Also note that $PATH is only relevant to things executed through the shell, and I think it would be good to minimize the shell's involvement. See, e.g., http://projects.reductivelabs.com/issues/show/1630

-sq
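
An added example, not part of the original thread and not Puppet's own code: one way to combine the two positions above in Ruby, resolving a command once against a fixed directory list instead of $PATH and then running the absolute path with no shell. `TRUSTED_DIRS`, `resolve_binary` and `run_direct` are hypothetical names, and the directory list is an assumption.

```ruby
require "open3"

# Assumed puppet-local search path (hypothetical; not taken from Puppet).
TRUSTED_DIRS = %w[/usr/sbin /usr/bin /sbin /bin].freeze

# True if group or other may write to the file or directory.
def loosely_writable?(path)
  (File.stat(path).mode & 0o022) != 0
end

# Resolve a bare command name to an absolute path using only `dirs`;
# ENV["PATH"] is never consulted.
def resolve_binary(name, dirs = TRUSTED_DIRS)
  if name.empty? || name.include?("/")
    raise ArgumentError, "bare command name expected: #{name.inspect}"
  end
  dirs.each do |dir|
    raise ArgumentError, "relative search dir: #{dir.inspect}" unless dir.start_with?("/")
    candidate = File.join(dir, name)
    next unless File.file?(candidate) && File.executable?(candidate)
    # A directory or binary others can write to lets them swap the program.
    [dir, candidate].each do |p|
      raise SecurityError, "#{p} is group/world-writable" if loosely_writable?(p)
    end
    return candidate
  end
  raise Errno::ENOENT, name
end

# Run the resolved binary directly. The [path, argv0] form never invokes a
# shell, so arguments are passed through unparsed. The child gets a scrubbed
# environment with PATH and IFS set explicitly.
def run_direct(name, *args, dirs: TRUSTED_DIRS)
  binary = resolve_binary(name, dirs)
  env = { "PATH" => dirs.join(":"), "IFS" => " \t\n" }
  out, status = Open3.capture2(env, [binary, name], *args, unsetenv_others: true)
  [binary, out, status.success?]
end
```

`SecurityError` does not descend from `StandardError` in Ruby, so a bare `rescue` will not swallow the writable-path failure; callers have to rescue it by name.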
