[Discuss] Program path maintenance and security (was Re: Debian 12 vs. WSL 1)

[invalid at pizzashack.org (Derek Martin)]

On Thu, Jun 22, 2023 at 05:26:59PM -0400, Rich Pieri wrote:
> On Thu, 22 Jun 2023 15:07:19 -0500
> Derek Martin <invalid at pizzashack.org> wrote:
> 
> > 1. As I indicated in the other message, if the program is intended to
> >    run exclusively in the security context of the user running it, and
> >    does not at any point require elevated privileges (which needs to
> >    be evaluated carefully), then using /usr/bin/env is PROBABLY fine,
> >    particularly if you wrote it and know what it does.
> 
> You list [four] "ifs" around using env. 

Yes, and I also said avoid doing that if you have workable
alternatives.

> Explicit path to /usr/bin/perl or whatever has zero "ifs".

No it doesn't.  If your perl isn't in /usr/bin, or if your tools have
to support different platforms/environments that have it installed in
different places, that simply doesn't work.  I've made that point
repeatedly now.

I'll repeat myself some more now:  The easiest solution to those
problems is to either (re)install it in /usr/bin or symlink it.

But if you're not the admin in your environment and yours stubbornly
refuses to do that for whatever reason, you are SoL.  You'll probably
have no choice but to use env, or I s'pose maybe create multiple
copies... in which case they'll either need different names or be
installed in different places.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.