On Fri 2016-08-12 01:51:16 -0400, David Bremner wrote: > Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes: > >> This is a utility function we can use to see whether an executa> >> + if (strchr (exename, '/')) { >> + if (0 == access (exename, X_OK)) >> + return TRUE; >> + else >> + return FALSE; >> + } > > Should we distinguish between relative and absolute paths here? I can't > think of any security implications, but I'm wondering if a relative path > is likely just a user error. I don't think a relative path is necessarily a user error. I certainly use relative paths myself from time to time. >> + path = (char *) malloc (n); >> + if (! path) >> + return FALSE; > > I kindof hate hiding the error here, although I agree it's > unlikely. What about the unixy return 0 ok, 1 not found -1 error? > >> + confstr (_CS_PATH, path, n); >> + } >> + >> + tok = strtok_r (path, ":", &save); >> + while (tok) { > > I guess it's fine to modify path here, but another option is > strtok_len (in string-util.h) I'm ok with both of these changes -- do you want to propose a variant for this patch? thanks for going through and trying to get this stuff building again. --dkg