
Re: CDPATH and shell scripts



On Thu, Jul 2, 2009 at 5:44 PM, Goswin von Brederlow<goswin-v-b@web.de> wrote:
> Russ Allbery <rra@debian.org> writes:
>
>> Jonathan Yu <jonathan.i.yu@gmail.com> writes:
>>
>>> How to fix them? Write Perl scripts, and turn on taint checking --
>>> that fixes the four issues above, because it makes the script exit if
>>> any of them look dangerous. Env::Sanctify::Auto is a Perl module that
>>> automatically cleans up the paths.
>>>
>>> My advice:
>>> 1. Write scripts that might be run as root (or setuid root) using Perl
>>> 2. Turn on taint checking
>>> 3. Consider using Env::Sanctify::Auto (shameless plug)
>>
>> I would really prefer that people not start writing maintainer scripts
>> in Perl as a matter of course.  Perl is harder to analyze for programs
>> like lintian than shell scripts (which are already hard enough).
>>
>> --
>> Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
>
> Not to mention humans. :)
Oh.

I read that incorrectly in my reply. Yeah, analyzing Perl via lintian
is probably more difficult than shell script, and more likely to raise
false positives/etc.

Static code analysis is getting a little better with PPI, but Perl is
a *very* dynamic language, so it's hard to analyze it without
executing it.

In that case, I'd recommend establishing some sort of best practice
using these variables, and put it in Policy. As in a contract that
programs:
1. Must not set these variables
2. Must not use these variables
3. Must set them to something sane within the scope of the current
execution (not necessarily exporting them)

So I guess really in practice that just requires people to do:
unset CDPATH
unset IFS
PATH="/some/safe/path"

etc. All of these default/preferred values should be in Policy, and
users should be given a list of acceptable things to go in PATH -- for
example, allowing developers to use:
/usr/bin
/usr/local/bin

Then a developer is welcome to locally set PATH to a subset of those,
like PATH=/usr/bin -- of course we'd need to add something to lintian
to parse paths. There are, however, CPAN modules that can do that I
believe, and on Debian only it's as simple as split(':', $path)
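
[Added example, not part of the original message or of lintian: a POSIX sh sketch of the preamble described above together with the PATH check the message says a tool would need. The function names and the ALLOWED_PATH_DIRS variable are hypothetical; the allowlist holds the two directories the message gives as examples.]

```shell
#!/bin/sh
# Added example, not from the original message.
# Hypothetical allowlist: the two directories the message names as candidates.
ALLOWED_PATH_DIRS="/usr/bin /usr/local/bin"

# Reset the variables the message lists before doing any real work.
sanitize_env() {
    unset CDPATH
    unset IFS            # unset IFS makes the shell use default splitting
    PATH="/usr/bin"      # a subset of the allowlist, as the message suggests
    export PATH
}

# Return 0 if every component of the PATH value $1 is on the allowlist.
path_is_allowed() {
    rest=$1
    # An empty value or a leading, trailing or doubled colon produces an
    # empty component, which the shell treats as the current directory.
    case ":$rest:" in
        *::*) return 1 ;;
    esac
    while [ -n "$rest" ]; do
        dir=${rest%%:*}                  # first component
        case "$rest" in
            *:*) rest=${rest#*:} ;;      # drop it and its colon
            *)   rest= ;;                # that was the last one
        esac
        found=no
        for allowed in $ALLOWED_PATH_DIRS; do
            if [ "$dir" = "$allowed" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then return 1; fi
    done
    return 0
}

# Constructed sample values, checked the way a lintian-style test might.
for candidate in "/usr/bin" "/usr/bin:/usr/local/bin" "/usr/bin:" ".:/usr/bin" "/tmp:/usr/bin"; do
    if path_is_allowed "$candidate"; then
        echo "ok:     PATH=$candidate"
    else
        echo "reject: PATH=$candidate"
    fi
done
```

[The empty-component case is why a plain split on ':' is not enough on its own: "/usr/bin:" splits into one clean directory but still puts the current directory on the search path.]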

