Comments on: Howto Make Script More Portable With #!/usr/bin/env As a Shebang

By: someone

someone — Sat, 13 Aug 2011 19:01:22 +0000

Even the official python tutorial website is using:
#! /usr/bin/env python
http://docs.python.org/tutorial/interpreter.html

By: robsku

robsku — Fri, 17 Dec 2010 23:29:49 +0000

@Terrible
You could be correct, but I’d like to hear your opinion of why exactly is it more harmful?

Well, it runs the command, perl for example, like you would run perl by hand – so I assume it searches via PATH – I can see that individual user may then create executable ‘perl’ of his own under his home directory and change PATH so that env will call that… However that already means that user in question is doing this on purpose, in which case he could just call the harmful program himself – no need to even include the script, perl nor env on that and if done that way it would not affect other users which would still get to run the script as intended.

However security and holes in it can be complex issues and I’m not a professional at all… If indeed using env is more of a possible security issue than creating shebang pointing right to correct interpreter in install routine I would love to learn why exactly is it safer, about possible security issues in using env, etc.
I would think that when installed system wide both ways would be as safe – and one trying to do harm could install the whole software locally under his home directory anyway but could not alter what is ran when other users call the script in question – not understanding makes me even more curious, but most importantly I want to ensure security…

By: Terrible

Terrible — Mon, 26 Jan 2009 22:00:08 +0000

Terrible advice. Do not do this. Portability should stem from your installion routines, not some security and design problem causing hack.

By: Carsten

Carsten — Wed, 14 Jan 2009 08:45:36 +0000

I do not feel very comfortable with the security aspects of this hack.
It may be more portable but it reduces control.
Bash and other shells are hardened so that they can be used for admin jobs withstanding tampering efforts by non root users.
Using the described “env” solution may introduce vulnerabilities which are difficult to oversee or analyze.
Instead of linking env and using it to deal with compatibity I rather add compatibility links to my systems which link bash or perl to a uniform location e.g. ln -s /usr/local/bin/bash /bin/bash

By: vivek

vivek — Thu, 06 Sep 2007 09:44:44 +0000

You can pass /bin/path/to/mybinary -w

By: IHar Filipau

IHar Filipau — Thu, 02 Aug 2007 08:07:41 +0000

The only problem I have with env, that on some systems lacking ‘use warnings’, I can’t pass ‘-w’ on command line. Or is it possible somehow?

By: nag

nag — Thu, 12 Jul 2007 21:43:16 +0000

Thanks for “shebang” and its explanation. Its really helpful.

By: nixcraft

nixcraft — Wed, 07 Mar 2007 16:27:25 +0000

If you move from Linux distro to BSD you will see bash is located at /usr/local/bin/bash OR to Solaris you will see bash at /opt or some other location. Instead of adjusting all the location admin can create a /usr/bin/env softlink and problem solved. Just imagine you have 100s of shell and perl scripts…

This is not just about Linux. It is about running a script under different UNIX like oses.

By: bhaskar

bhaskar — Wed, 07 Mar 2007 15:15:38 +0000

I am confused.
Why is /usr/bin/env more portable than /bin/bash.
Besides on most linux distros bash is found in /bin, but env is not guaranteed to be found under /usr/bin.
e.g. in my case (FC5) env is under /bin.
My point is , which ever way you need to know the absolute path to either env, or bash, so why bother ?