...
- If your external programs can be found in a variety of locations depending on the system on which they are run, use exact control over the PATH used to find your programs. Make certain that the current directory (".") is not at the beginning or middle of the PATH. (Note: both "./" and an empty path element ("::" or a leading ":") are equivalent to including ".". ("::" is equivalent to ":.:" and a leading ":" is equivalent to a leading ".:".) For example, you can add a line to the beginning of your program such as:

  ```python
  import os

  # Replace whatever PATH the caller supplied with a fixed list of trusted system directories.
  os.environ['PATH'] = '/sbin:/usr/sbin:/bin:/usr/bin'
  ```

  - Make certain that the current directory (".") and relative directories (those not starting with a "/") are not at the beginning or middle of the PATH.
  - Both an empty path element ("::") and ":./:" are equivalent to including ".". That is, "::", ":.:", and ":./:" are all equivalent.
  - A leading ":" is equivalent to a leading ".:".
- If you must depend on an externally-provided path, combine prepending known locations to the beginning of the PATH, with sanitizing the rest of it. For example, you can add a line to the beginning of your program such as:
  ...
- You will have to write the sanitize() function. Some things to consider are:
  - The current directory is dangerous in the PATH, except possibly at the end. So one thing your sanitize function should do is to remove the current directory, or any aliases that map into the current directory (e.g. "::", ":.:", ":./:", ":./.:", etc.).
  - Relative directories, those not starting with "/", are similarly dangerous.
  - It's also dangerous for any of the directories found in the PATH to be world writable, where someone can create a program with the same name as a system tool invoked by your program. (Consider having a PATH with /tmp in it, where someone could have placed a script named "ls".)
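The following is an added example of a sanitize() function that applies the three considerations above, together with a helper that prepends known locations before the sanitized remainder; it is not code from the original page. The list of known-good directories, the helper names (is_current_dir, is_world_writable, safe_path, demo_world_writable) and the sample PATH strings are all assumptions constructed for illustration.

```python
import os
import stat

# Assumed list of trusted system directories that are always placed first.
KNOWN_GOOD = ['/sbin', '/usr/sbin', '/bin', '/usr/bin']


def is_current_dir(elem):
    """True for any PATH element that maps into the current directory:
    the empty element (from '::', a leading ':' or a trailing ':'),
    '.', './', './.', '././' and so on."""
    if elem == '':
        return True
    # normpath collapses './', './.', '././' ... to '.'
    return os.path.normpath(elem) == '.'


def is_world_writable(path):
    """True if the directory exists and is writable by everyone (S_IWOTH set).
    A nonexistent directory is reported as not world writable; it cannot be
    used to plant a program, and the caller may still choose to drop it."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    return bool(st.st_mode & stat.S_IWOTH)


def sanitize(path_value, check_perms=True):
    """Return a colon-separated PATH keeping only absolute, non-world-writable,
    de-duplicated entries. check_perms=False skips the filesystem check so the
    string handling can be exercised on constructed input."""
    kept = []
    for elem in path_value.split(':'):
        if is_current_dir(elem):
            continue                      # '.', './', empty element: drop
        if not elem.startswith('/'):
            continue                      # relative directory: drop
        elem = os.path.normpath(elem)     # '/usr/local/bin/' -> '/usr/local/bin'
        if check_perms and is_world_writable(elem):
            continue                      # e.g. /tmp: anyone could plant "ls"
        if elem not in kept:
            kept.append(elem)
    return ':'.join(kept)


def safe_path(external_path, check_perms=True):
    """Known-good locations first, then whatever survives sanitize()."""
    rest = [p for p in sanitize(external_path, check_perms).split(':')
            if p and p not in KNOWN_GOOD]
    return ':'.join(KNOWN_GOOD + rest)


def demo_world_writable():
    """Constructed check: a freshly created mode-0777 directory is dropped."""
    import tempfile
    d = tempfile.mkdtemp()
    try:
        os.chmod(d, 0o777)
        return sanitize(d + ':/usr/bin') == '/usr/bin'
    finally:
        os.rmdir(d)


if __name__ == '__main__':
    # Typical use at program start: never trust the inherited PATH as-is.
    os.environ['PATH'] = safe_path(os.environ.get('PATH', ''))
    print(os.environ['PATH'])
```

Note that sanitize() drops the current directory everywhere, including at the end; if your program really needs "." last, append it explicitly after sanitizing rather than trusting the inherited value.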
...