Ron Chen <[email protected]> writes: > Just IMO, IFS & PATH should be set by the script itself. But then it is just > my opinion _only_.
Yes, shell scripts should be very careful if run with privileges in an uncontrolled environment, and the normal advice is Don't Do That. However, a shell script probably can't set PATH if it inherits a malicious IFS. > And there is also LANG, and many other variables that can change the > behaviour of the script somewhat. Yes, but the locale variables are more insidious in a security context (see the code and reference in safe_exec). They may also affect communication between different locales, e.g. GE's GDI <https://arc.liv.ac.uk/trac/SGE/ticket/1394>, which I've worked on, and <https://arc.liv.ac.uk/trac/SGE/changeset/4103/sge>. -- Community Grid Engine: http://arc.liv.ac.uk/SGE/ _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
