Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

security risk in source builtin?



A colleague and I just noticed that the "source" builtin looks for
its argument in the $PATH.  I guess that's something POSIX
demands, but isn't it also a security risk?  In this case, the
following happened:

  $ ls -F
  test
  $ cat test
  echo hello world
  $ source test
  /usr/bin/test:3: bad pattern: ^@^F^@(...

Unless it is really important to have this behaviour for
compatibility reasons, shouldn't searching the $PATH be at least
disabled by default?

Ciao

Dominik ^_^  ^_^



Messages sorted by: Reverse Date, Date, Thread, Author