BLU Discuss list archive
[Discuss] Program path maintenance and security (was Re: Debian 12 vs. WSL 1)
- Subject: [Discuss] Program path maintenance and security (was Re: Debian 12 vs. WSL 1)
- From: bogstad at pobox.com (Bill Bogstad)
- Date: Wed, 21 Jun 2023 19:07:53 -0400
- In-reply-to: <20230621163508.GJ24375@bladeshadow.org>
- References: <20230621163508.GJ24375@bladeshadow.org>
On Wed, Jun 21, 2023 at 12:36 PM Derek Martin <invalid at pizzashack.org> wrote:
>
> On Tue, Jun 20, 2023 at 03:39:59PM -0500, Derek Martin wrote:
> > My script exactly demonstrates the point I made: You can't
> > compromise a script (or other program) in the manner you described
> > when it takes care on its own behalf that its PATH is set up properly.

I haven't noticed anyone calling out the issue of where interpreters are installed. Do I put #!/bin/perl or #!/usr/bin/perl or maybe /opt/bin/perl at the top of my Perl script? I vaguely recall some incantation that you can use (maybe involving env?) to grovel through your PATH and find the interpreter, but from other messages on the list that sounds like a potential security problem.

Bill Bogstad

P.S. It looks like the man page for env on my Linux system has an example of the incantation necessary, but it still looks like a security risk.
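
Added example, not part of the original message: a `#!/usr/bin/env perl` line runs the first `perl` found by searching PATH in order, so the sketch below resolves a name the same way and lists PATH entries that are empty, relative, or group- or world-writable. The function names `resolve_via_path` and `risky_path_entries` are hypothetical.

```shell
#!/bin/sh
# Added example: how "#!/usr/bin/env NAME" picks an interpreter, and
# which PATH entries make that lookup depend on who can write where.

# resolve_via_path NAME PATHSTRING
# Print the first executable regular file called NAME, searching
# PATHSTRING left to right. The subshell body keeps IFS changes local.
resolve_via_path() (
    p="$2:"                 # trailing ':' so a final empty entry survives
    IFS=:; set -f
    for dir in $p; do
        [ -n "$dir" ] || dir=.      # empty entry means current directory
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# risky_path_entries PATHSTRING
# Print one line per entry that is empty, relative, or a directory
# writable by its group or by everyone.
risky_path_entries() (
    p="$1:"
    IFS=:; set -f
    for dir in $p; do
        case $dir in
            '') echo "(empty entry: current directory)"; continue ;;
            /*) ;;
            *)  echo "$dir (relative)"; continue ;;
        esac
        [ -d "$dir" ] || continue
        # Mode string layout: d rwx rwx rwx; test the two non-owner 'w' bits.
        case $(ls -ldL "$dir") in
            d????w*|d???????w*) echo "$dir (group- or world-writable)" ;;
        esac
    done
)

# Run directly with an interpreter name, e.g.: sh pathcheck.sh perl
if [ $# -gt 0 ]; then
    resolve_via_path "$1" "$PATH" || echo "$1: not found in PATH"
    risky_path_entries "$PATH"
fi
```
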