Zsh function for checking for duplicate PATH entries and for occluded executables

Charles Merriam

4/10/24, 11:02 PM

This occurs on many systems and I expect someone has a solution for it.

The PATH environment variable is a major part of security issues. For sanity's sake, the path portion of the .zshrc looks like:

# Set Path
PATH_RUBY="/usr/local/opt/ruby/bin:/usr/local/lib/ruby/gems/3..0/bin"
PATH_TREESITTER="$HOME/p/na/ts/tree_sitter_na/node_modules/.bin"
PATH_CONDA="/usr/local/anaconda3/bin"
PATH_CARGO=".cargo/bin"
PATH_TEX="/usr/texbin:/opt/X11/bin"
PATH_HOME="$HOME/bin:$HOME"
PATH_OSX="/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Library
/Apple/usr/bin"
export PATH="$PATH_RUBY:$PATH_CONDA:$PATH_TREESITTER:$PATH_CARGO:$PATH_TEX:$PATH_HOME:$PATH_OSX"

While I can check the path munging to be sure that no full directory is repeated in the path, is there a function anyone has written to list of conflicts? I am trying to guard against some unchecked installation of a tool like TreeSitter having its own ssh command, which would execute instead of the later /usr/bin/ssh. This tool would both add to security and also untangle badly done installations.

That is, I want a tool like:

$ checkpath
.../p/na/tree_sitter_na/node_modules/.bin/ssh occudes /usr/bin/ssh
$

121

1 + 3

security

zsh

path

Nasir Riley

4/11/24, 4:07 AM

What you want is not exactly clear. You already have a way of making sure that each directory is only added to `$PATH` once and then you want to see if there is a binary or executable of the same name that appears in multiple locations. If this is a system that you manage and where you have sudoer rights, then you can simply `su` to the user and run whereis if you are looking for a specific executable or if that's too tedious,use a tool like `printf` on the listed directories to send their contents to `stdout` which can then be parsed for duplicates.

Charles Merriam

4/14/24, 1:30 AM

Writing the tool is a doable project. A quick and dirty approach, would be "ls for all directories in $PATH | sort | uniq" and then do work to print nice errors. I was seeing if this already was written somewhere. :)

Charles Merriam

4/14/24, 1:32 AM

Could you point out what is not clear? I want a list of occluded executables and what is executed instead.

Score:1

Server

Gairfowl

4/14/24, 6:15 AM

In zsh, type -a will list all occurrences of a command in the PATH. The first one in the list is the 'active' match:

> type -a pwd
pwd is a shell builtin
pwd is /bin/pwd
> cp /bin/ls ~/bin
> type -a ls
ls is /bin/ls
ls is /Users/gairfowl/bin

More info here.

There are some very useful features in zsh to help manipulate paths. With 'tied' variables, the executable search path can be referenced via either the PATH scalar or the path array:

> print $PATH
/usr/bin:/bin
> path+=/sbin
> print $PATH
/usr/bin:/bin:/sbin
> print -l $path
/usr/bin
/bin
/sbin

PATH and path are set up this way by default. Other variables can be configured as tied variables, e.g. typeset -T LD_LIBRARY_PATH ld_library_path.

The -U option to typeset can be used to set variables so that they do not contain duplicates:

> print $PATH
/usr/bin:/bin
> path+=/sbin
> path+=/sbin
> print $PATH
/usr/bin:/bin:/sbin:/sbin
> typeset -U PATH path
> print $PATH
/usr/bin:/bin:/sbin

You may also want to look at the :a expansion modifier to get the absolute path from a relative path.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Zsh function for checking for duplicate PATH entries and for occluded executables

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.