Open Meekohi opened 5 years ago
mingwandroid
commented
5 years ago I think it'd be pretty easy to construct a scenario where this is a serious security problem
Please go ahead. You will not be able to though (or at least I do not think you will). Bash will strip # and any characters to the end of the line before even considering executing the line.
Meekohi
commented
5 years ago Not true, unfortunately.
meekohi ~$ echo test # test
test
meekohi ~$ echo test# test
test# test
nehaljwani
commented
5 years ago This was supposed to be fixed a while ago: https://github.com/conda/constructor/commit/3210963e1914e4e6f6db9da36a8b846ebcb649d0 🤔
Meekohi
commented
5 years ago Weird, looks right to me as well... any chance that commit just didn't make it into the 2018.12 installer for some reason?
Actual Behavior
Installing with the "Python 3.7 Anaconda 2018.12 for macOS Installer" (https://repo.anaconda.com/archive/Anaconda3-2018.12-MacOSX-x86_64.pkg)
During installation, when updating
.bash_profile, the new content doesn't start with a new line. If your original.bash_profileends without a new-line, this can create a broken line, for example in my case:Expected Behavior
The lines added by Anaconda should begin with a newline:
Steps to Reproduce
Have a
.bash_profilethat doesn't end with a new line. Do a fresh install.Anaconda or Miniconda version:
I used https://repo.anaconda.com/archive/Anaconda3-2018.12-MacOSX-x86_64.pkg for this, I don't know if this is OSX only or if it effects other platform.s
Operating System:
OSX
Urgent?
I think it'd be pretty easy to construct a scenario where this is a serious security problem. In my case it was obvious something was wrong and none of the additional files existed, but an exercise to the reader to create one that fails silently.