Thread: Shell Script.
View Single Post
  #7   (View Single Post)  
Old 11th July 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
Join Date: May 2008
Location: USofA
Posts: 1,546

From FreeBSDs manual on /bin/sh

Originally Posted by Invocation
Unlike older versions of sh the ENV script is only sourced on invocation
of interactive shells. This closes a well-known, and sometimes easily
exploitable security hole related to poorly thought out ENV scripts.
How ksh and bash handle it when called as /bin/sh, I wouldn't know off hand.
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote