From FreeBSDs manual on /bin/sh
Quote:
Originally Posted by Invocation
Unlike older versions of sh the ENV script is only sourced on invocation
of interactive shells. This closes a well-known, and sometimes easily
exploitable security hole related to poorly thought out ENV scripts.
|
How ksh and bash handle it when called as /bin/sh, I wouldn't know off hand.
__________________
My
Journal
Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.