All:
The ultimate goal of what I am trying to do is verify that users are not sticking '.' in their PATH environmental variable with one of the login scripts. At first, it seemed straightforward, but the more I worked on it, the uglier the code got. I am hoping one of you might be able to show me the light. Here are the assumptions I started with:

  • The paths are colon delimited
  • If the last character on a line is a \, the next line is a continuation and the \ should be discarded
  • Leading whitespace before PATH= is ignored
  • There may be more than one PATH assignment within the same file

    Now if it wasn't for the second bullet, it would be a simple matter of stripping off the leading \s*PATH=, splitting on colons, and checking to see if any of the items in the resulting list were just a single period.

    Here is what I have that I believe is working, but any help/insight would be appreciated:

    #!/usr/bin/perl
    use strict;
    use warnings;

    my @logins = qw( .profile .cshrc .login .tcshrc .bash_profile .bash_login );

    for my $login (@logins) {
        next if ! -f $login;
        open ( LOGIN , '<' , $login ) or die "Unable to open $login for reading : $!";
        my ($path, $flag);    # $flag is true while inside a continued line
        while ( <LOGIN> ) {
            chomp;
            if ( /^\s*PATH=(.*)/ || $flag) {
                # Separate this piece from what has been collected so far
                $path .= ':' if $path && substr($path, -1, 1) ne ':';
                my $new = $flag ? $_ : $1;
                $path .= $new;
                # A trailing backslash means the next line continues this one
                if ( substr($path, -1 , 1) eq '\\' ) {
                    $flag = 1;
                    chop $path;
                    next;
                }
                else {
                    $flag = 0;
                }
            }
        }
        next if ! $path;
        my @paths = split /:/ , $path;
        if ( grep /^\.$/ , @paths ) {
            print "$login contains a period in the PATH assignment\n";
        }
    }
    Cheers - L~R

    Update: I realize that without recompiling the shell, there is no real way to prevent a user from putting '.' in their path. I also realize that checking the path assignment in the login scripts is very rudimentary and can easily be bypassed. This doesn't change the local security policy. This also doesn't change my requirement to make a best effort at policing that policy. I truly appreciate the responses and will make the policy makers aware of the limitations.
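
One way to apply the four assumptions listed in the post, as an added example that is not part of the original post: it joins continuation lines before looking for assignments, so each PATH assignment can be handled as a single line. It goes beyond the post by also flagging empty PATH entries (which the shell treats as the current directory) and by accepting an optional `export` prefix, surrounding quotes and a trailing `; export PATH`. The function name `cwd_entries` and the sample input are constructed for illustration, and only Bourne-style syntax is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return one message per PATH entry in $text that means "current directory":
# a literal '.' or an empty entry (leading, trailing or doubled colon).
sub cwd_entries {
    my ($text) = @_;
    # Join continued lines first, discarding the backslash, so every
    # assignment can then be treated as a single line.
    $text =~ s/\\\n//g;
    my @hits;
    for my $line (split /\n/, $text) {
        # Leading whitespace and an optional "export" are ignored (assumption:
        # Bourne-style syntax only; csh "set path" / "setenv" is not handled).
        next unless $line =~ /^\s*(?:export\s+)?PATH=(.*)$/;
        my $value = $1;
        $value =~ s/\s*(?:;.*)?$//;        # drop trailing "; export PATH"
        $value =~ s/^(["'])(.*)\1$/$2/;    # drop one pair of surrounding quotes
        # Limit -1 keeps trailing empty fields, so a trailing colon is caught.
        for my $entry (split /:/, $value, -1) {
            push @hits, "'.' entry in: $value"   if $entry eq '.';
            push @hits, "empty entry in: $value" if $entry eq '';
        }
    }
    return @hits;
}

# Constructed sample input, not taken from a real login script.
my $sample = <<'END_SAMPLE';
PATH=/usr/bin:/bin
   PATH=/usr/local/bin:\
.:/opt/bin
export PATH="$HOME/bin:$PATH:"
PATH=/sbin:./tools; export PATH
END_SAMPLE

print "$_\n" for cwd_entries($sample);
```

Entries such as `./tools` are relative but are not reported, because the check matches only an exact `.` or an empty field.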


    In reply to Parsing Login Scripts For Variable Assignment by Limbic~Region
