Loading ...
Sorry, an error occurred while loading the content.

Re: [jasspa] Search path issue -- CWD, $HOME

Expand Messages
  • Thomas Hundt
    Yes, I agree 100%, this is bad and I ve gotten burned by it more than once and it s a real head-scratcher until you figure it out. Usually happens when
    Message 1 of 12 , Jul 1, 2005
    • 0 Attachment
      Yes, I agree 100%, this is bad and I've gotten burned by it more than
      once and it's a real head-scratcher until you figure it out. Usually
      happens when upgrading ME versions and copying the macro files around,
      or running as root and looking around in a user directory where the user
      happens to have ME files sitting there.

      -Th



      Meino Christian Cramer wrote:
      >
      > Isn't exactly that dangerous as the alias scheme I suggested ? How
      > long one will search for a bug due to thei sfeature ? I need teh
      > system tool strace to find out, what's going on...
      >
      > In security related publications one is warned not to include "." in
      > $PATH on UNIX system just for that reason...
      >
      > just my two cent...
      >
      > Meino
      >
      > PS: If one really want this, s/he is free to include "." into
      > $MEUSERPATH or even $MEPATH...but as an "invisible" default...I really
      > dont know...
      >
      >
      >>Meino Christian Cramer wrote:
      >>
      >>>From: Thomas Hundt <thundt@...>
      >>>Subject: Re: [jasspa] Search path issue -- CWD, $HOME
      >>>Date: Thu, 30 Jun 2005 17:34:18 -0700
      >>>
      >>>Yes, I did
      >>>
      >>> cd $HOME
      >>> me testruby.rb
      >>>
      >>>So...is it right, that additionally to $MEPATH and $MEUSERPATH ME is
      >>>searching of rsystem files in `pwd` ?
      >>>
      >>>-mcc
      >>
      >>The .emf files are picked up from "./" (current working directory) first
      >>then $search-path (See M-X describe-variables for the $search-path).
      >>$search-path is made up from $MEPATH etc.
      >>
      >>Jon.
    • Meino Christian Cramer
      From: Thomas Hundt Subject: Re: [jasspa] Search path issue -- CWD, $HOME Date: Fri, 01 Jul 2005 08:35:20 -0700 Hihihihi....think of a newbie
      Message 2 of 12 , Jul 1, 2005
      • 0 Attachment
        From: Thomas Hundt <thundt@...>
        Subject: Re: [jasspa] Search path issue -- CWD, $HOME
        Date: Fri, 01 Jul 2005 08:35:20 -0700

        Hihihihi....think of a newbie like me, who tries to create a new file
        containing macros which "reconfigure" or add new features to the
        behaviour of ME for editing just this kind of files! What a confusion
        will rise in my head then !!! This will be a new definition of the
        word "Recursion", muhahahahaha!

        BE WARNED ! NEVER EDIT A FILE IN THAT DIRECTORY IN WHICH YOU ARE
        EDITING THAT FILE !

        Hahahahhahahaha !.....

        (sorry...this isn't meant negatively in ANY way...just my imagination
        overruns myself :O)))

        Meino


        > Yes, I agree 100%, this is bad and I've gotten burned by it more than
        > once and it's a real head-scratcher until you figure it out. Usually
        > happens when upgrading ME versions and copying the macro files around,
        > or running as root and looking around in a user directory where the user
        > happens to have ME files sitting there.
        >
        > -Th
        >
        >
        >
        > Meino Christian Cramer wrote:
        > >
        > > Isn't exactly that dangerous as the alias scheme I suggested ? How
        > > long one will search for a bug due to thei sfeature ? I need teh
        > > system tool strace to find out, what's going on...
        > >
        > > In security related publications one is warned not to include "." in
        > > $PATH on UNIX system just for that reason...
        > >
        > > just my two cent...
        > >
        > > Meino
        > >
        > > PS: If one really want this, s/he is free to include "." into
        > > $MEUSERPATH or even $MEPATH...but as an "invisible" default...I really
        > > dont know...
        > >
        > >
        > >>Meino Christian Cramer wrote:
        > >>
        > >>>From: Thomas Hundt <thundt@...>
        > >>>Subject: Re: [jasspa] Search path issue -- CWD, $HOME
        > >>>Date: Thu, 30 Jun 2005 17:34:18 -0700
        > >>>
        > >>>Yes, I did
        > >>>
        > >>> cd $HOME
        > >>> me testruby.rb
        > >>>
        > >>>So...is it right, that additionally to $MEPATH and $MEUSERPATH ME is
        > >>>searching of rsystem files in `pwd` ?
        > >>>
        > >>>-mcc
        > >>
        > >>The .emf files are picked up from "./" (current working directory) first
        > >>then $search-path (See M-X describe-variables for the $search-path).
        > >>$search-path is made up from $MEPATH etc.
        > >>
        > >>Jon.
        >
        >
        > __________________________________________________________________________
        >
        > This is an unmoderated list. JASSPA is not responsible for the content of
        > any material posted to this list.
        >
        > To unsubscribe, send a mail message to
        >
        > mailto:jasspa-unsubscribe@yahoogroups.com
        >
        > or visit http://groups.yahoo.com/group/jasspa and
        > modify your account settings manually.
        >
        >
        >
        > Yahoo! Groups Links
        >
        >
        >
        >
        >
        >
      • Jon Green
        ... Well after all of that I m still not convinced of a problem under NORMAL use. Which the scenario that we use. For a normal install then the macros are
        Message 3 of 12 , Jul 1, 2005
        • 0 Attachment
          Meino Christian Cramer wrote:
          > From: Thomas Hundt <thundt@...>
          > Subject: Re: [jasspa] Search path issue -- CWD, $HOME
          > Date: Fri, 01 Jul 2005 08:35:20 -0700
          >
          > Hihihihi....think of a newbie like me, who tries to create a new file
          > containing macros which "reconfigure" or add new features to the
          > behaviour of ME for editing just this kind of files! What a confusion
          > will rise in my head then !!! This will be a new definition of the
          > word "Recursion", muhahahahaha!
          >
          > BE WARNED ! NEVER EDIT A FILE IN THAT DIRECTORY IN WHICH YOU ARE
          > EDITING THAT FILE !
          >
          > Hahahahhahahaha !.....
          >
          > (sorry...this isn't meant negatively in ANY way...just my imagination
          > overruns myself :O)))
          >
          > Meino
          >

          Well after all of that I'm still not convinced of a problem under NORMAL use. Which the
          scenario that we use. For a normal install then the macros are installed in a location that
          is not normally that accessible:-

          Windows:
          c:/Program Files/JASSPA/MicroEmacs/macros - You should not edit in here.
          c:/Program Files/JASSPA/MicroEmacs/company - Yo can edit in here - supposed to be global.
          c:/Document Settings/<user>/Application Data/jasspa/ - You edit in here for local changes.

          UNIX
          /opt/jasspa/macros - You cannot edit in here as it is owned by root
          /opt/jasspa/company - Root may add macros in here for all users.
          $(HOME)/.jasspa - You edit in here for local changes

          You do not create .emf files anywhere else - a simple rule.

          The ./ directory is very useful this allows us to do things like the CD-ROM image where you
          can run ME without installation and it finds all of its macros. It is also used under
          Windows and DOS where there is no burnt in search path and the executable directory is used
          to locate the macros with no configuration information.

          I will admit that you can run into problems, especially with a new release, where a user
          file shadows a macro file and the results are unexpected. Most of the time when we are
          developing new macros then we have to cope with multiple macros issues (as you can imaging
          we typically have more than one set of complete macros and different versions of a binary
          image at the same time). In this instance I think there is something in the help that tells
          you on a new release you are advised to move your macro shadow out of the way to make it in
          accessible and then install your existing macros to make sure that there are not any problems.

          So despite the complaints I am still not convinced that it needs to change.

          Jon.
        • Thomas Hundt
          The problem is not when one creates macros in the out-of-the-way .../macros directory; the problem is when one creates macros in one s HOME directory or some
          Message 4 of 12 , Jul 1, 2005
          • 0 Attachment
            The problem is not when one creates macros in the out-of-the-way
            .../macros directory; the problem is when one creates macros in one's
            HOME directory or some other place where one runs the program from.
            Which has happened to me when I pushed an updated company file (or, more
            subtly, mycpp.emf) to a remote machine via FTP, more than once.

            Loading things from CWD is an invisible side effect, which is bad style,
            even if you don't agree with the fact it is a security hole.

            The solution is trivial: The program should look in CWD if MEPATH is not
            set. (I.e., the default MEPATH value, internally, should be just "./".)
            If people really want it to load from "./" they can add that to
            MEPATH. I think this satisfies all concerns.

            -Th

            Jon Green writes:
            > Well after all of that I'm still not convinced of a problem under NORMAL use. Which the
            > scenario that we use. For a normal install then the macros are installed in a location that
            > is not normally that accessible:-

            > You do not create .emf files anywhere else - a simple rule.
            >
            > The ./ directory is very useful this allows us to do things like the CD-ROM image where you
            > can run ME without installation and it finds all of its macros. It is also used under

            > So despite the complaints I am still not convinced that it needs to change.
          Your message has been successfully submitted and would be delivered to recipients shortly.