This one time, at band camp, C.J. Adams-Collier said: > On Mon, 2007-11-26 at 12:32 +0000, Jörg Sommer wrote: > > > > Why not use echo and cat? Calling echo this way the shell can't use the > > builtin echo command and must spawn a new process. > > Is there a test to determine whether there is a builtin for a given > command? If so, we could test for that and use it if it exists. > Otherwise, use the fully qualified version It's recommended not to use full paths in general. Sometimes it becomes necessary to move binaries from one path to another, and hard coding full paths breaks that. Resetting PATH is more useful than hard coding full paths to binaries if you're worried about security. > > You know what you are doing here? PATH is necessary for the daemon to > > find subcommands. > > Yep. I don't want to execute any but the fully qualified commands. > It's a security thing. No, it's really not. Resetting PATH to some small subset is useful, but breaking your child processes' ability to run call popen isn't all that great. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
signature.asc
Description: Digital signature