[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: egrep moved to /usr/sbin

On Mon, Jan 06, 2003 at 01:18:51PM -0700, Eric Schwartz wrote:

> On Mon, 2003-01-06 at 12:41, Craig Dickson wrote:
> > There is merit in having egrep and fgrep available under those names,
> > because people will expect them. They don't have to be in any particular
> > place as long as they're on the standard $PATH, since programs shouldn't
> > be hard-coding the locations of binaries from other packages.
> Not so; it prevents a potential security problem from users who have
> insecure PATH settings.  By hardcoding the locations of binaries, you
> prevent them from screwing themselves up that way.  Also, you can prevent
> aliases from screwing up your program's output: I've found numerous bugs
> in shell scripts that were caused by my aliasing ls to 'ls -FCs', and
> fixed by forcing ls to /bin/ls.

Trying to protect users from their own bad judgement != security.  Please
don't perpetuate this myth, or encourage people to hardcode pathnames to
programs which should be in the standard search path.  This is a good way to
cause scripts to break, and to frustrate system administrators.

Also, any shell which is using aliases while executing a script is horribly
broken in the first place.

 - mdz

Reply to: