Eric Schwartz wrote:
> On Mon, 2003-01-06 at 12:41, Craig Dickson wrote:
> > There is merit in having egrep and fgrep available under those names,
> > because people will expect them. They don't have to be in any particular
> > place as long as they're on the standard $PATH, since programs shouldn't
> > be hard-coding the locations of binaries from other packages.
>
> Not so; it prevents a potential security problem from users who have
> insecure PATH settings. By hardcoding the locations of binaries, you
> prevent them from screwing themselves up that way.

And also prevent the system from working as the user or admin intended if your hard-coded path fails to use something installed in /usr/local/bin or ~/bin that is meant to override the standard version in /usr/bin.

And of course, hard-coding paths means your script will fail if the executable isn't where you expected it, which is how this whole thread got started. Defeating the standard path-searching functionality of the shell is just plain wrong.

If a user has "insecure PATH settings" (I assume you mean something like PATH=.:$PATH), that's the user's problem, and it's no one else's job to try to work around it or fix it. Unless he's root (in which case he has no excuse not to know better), he can only screw himself with such stupidities, not anyone else.

I don't think it's appropriate or useful for someone else to write programs in unconventional ways that defeat normal shell functionality in a desperate attempt to work around the presumed stupidity of the user. You only introduce other problems by doing so (non-portability, etc.), and if the user is truly dumber than you are, he will defeat you by doing something else so dumb that it never even occurred to you.

> Also, you can prevent aliases from screwing up your program's output:
> I've found numerous bugs in shell scripts that were caused by my
> aliasing ls to 'ls -FCs', and fixed by forcing ls to /bin/ls.

Your setup is defective if non-interactive shells use aliases that are meant for your interactive use. That's just as stupid as putting . in your PATH.

Craig
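The message above gives PATH=.:$PATH as its example of an insecure PATH setting. As an added illustration that is not part of the original thread, this POSIX shell function lists the entries of a PATH value that are empty, relative or world-writable; the name audit_path, its message wording and the sample value are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report PATH entries that make command
# lookup depend on the current directory or on a directory anyone can write to.

# audit_path PATHSTRING  (hypothetical helper name)
# Prints one finding per line. Returns 1 if anything was flagged, 0 otherwise.
audit_path() {
    ap_rest="$1:"        # trailing ':' keeps a final empty entry visible
    ap_status=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}     # text before the first ':'
        ap_rest=${ap_rest#*:}       # everything after the first ':'
        case $ap_entry in
            '')
                # A leading, trailing or doubled ':' means "current directory".
                echo "empty entry (current directory)"; ap_status=1 ;;
            /*)
                # Absolute entry: flag it if "other" has write permission,
                # sticky bit or not, since any user could add a file there.
                if [ -d "$ap_entry" ] &&
                   [ -n "$(find -H "$ap_entry" -prune -perm -0002 2>/dev/null)" ]
                then
                    echo "world-writable: $ap_entry"; ap_status=1
                fi ;;
            *)
                # '.', 'bin', '../tools': resolved against wherever you cd.
                echo "relative entry: $ap_entry"; ap_status=1 ;;
        esac
    done
    return $ap_status
}

# Constructed sample value, in the style of the PATH=.:$PATH case above.
audit_path ".:/usr/bin::/bin" || echo "PATH needs fixing" >&2
```

Directories that do not exist are skipped without a finding, and a symlinked entry such as /bin is checked through its target.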