unsafe bash executions #451

Open
childnode opened this Issue Aug 8, 2016 · 2 comments

Projects

None yet

2 participants

@childnode

e.g. sdkman-install.sh uses mkdir that is not a more or less secure bash function but might be overloaded by a simple user function. So, you should update any calls to mkdir to s.th. like /usr/bin/env mkdir to not execute the user function if it exist but the real mkdir binary.

This expands to many others like: rm, etc. too!

@marc0der
Member
marc0der commented Aug 8, 2016

Pull requests welcome!

@childnode

#lock /me is working on that

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment