From: "Clément Lassieur" <clement@lassieur.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 31814@debbugs.gnu.org
Subject: bug#31814: setuid programs are not first in PATH
Date: Mon, 18 Jun 2018 08:16:13 +0200
Message-ID: <874li039hu.fsf@lassieur.org>
In-Reply-To: <87sh5ljf63.fsf@gnu.org>
Hello Ludovic,
Ludovic Courtès <ludo@gnu.org> writes:
> Hello Clément,
>
> Clément Lassieur <clement@lassieur.org> skribis:
>
>> sourcing /etc/profile
>>
>> - prepends /run/setuid-programs to $PATH
>> - then sources $HOME/.guix-profile/etc/profile
>>
>> and sourcing $HOME/.guix-profile/etc/profile
>>
>> - prepends $HOME/.guix-profile/bin to $PATH
>> - prepends $HOME/.guix-profile/sbin to $PATH
>>
>> so in the end, $PATH looks like:
>>
>> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>>
>> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
>> it unusable.
>
> AFAICS this is not a regression, but it can be fixed this way:
No, it's not a regression. I've had the fix locally for a long time.
> diff --git a/gnu/system.scm b/gnu/system.scm
> index 7cb12a827..d367307a2 100644
> --- a/gnu/system.scm
> +++ b/gnu/system.scm
> @@ -616,9 +616,6 @@ unset PATH
> GUIX_PROFILE=/run/current-system/profile ; \\
> . /run/current-system/profile/etc/profile
>
> -# Prepend setuid programs.
> -export PATH=/run/setuid-programs:$PATH
> -
> # Since 'lshd' does not use pam_env, /etc/environment must be explicitly
> # loaded when someone logs in via SSH. See <http://bugs.gnu.org/22175>.
> # We need 'PATH' to be defined here, for 'cat' and 'cut'. Do this before
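Review bot: removing the prepend right after `. /run/current-system/profile/etc/profile` means the /etc/environment block that follows now runs before /run/setuid-programs is on PATH. Its comment only names 'cat' and 'cut', so that looks fine, but please confirm that nothing sourced between this point and the new location expects a setuid program to resolve by bare name.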
> @@ -645,6 +642,9 @@ do
> fi
> done
>
> +# Prepend setuid programs.
> +export PATH=/run/setuid-programs:$PATH
> +
> # Arrange so that ~/.config/guix/current/share/info comes first.
> export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"
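Review bot: the re-added comment `# Prepend setuid programs.` after `done` does not say why the position matters. Suggest stating that it must stay after the loop so that /run/setuid-programs ends up ahead of anything prepended earlier in the file; otherwise a later cleanup can move it back up. Also, the value in `export PATH=/run/setuid-programs:$PATH` is unquoted while the INFOPATH export just below is quoted; quoting it the same way would be consistent.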
Yes, this sounds good.
> In the example you give (inetutils), I suppose users want
> /run/setuid-programs/ping to come first. I wonder if there are
> situations where the current behavior is desirable; maybe not.
>
> Thoughts?
I can't think of any situations where the current behavior is desirable.
Thank you,
Clément
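
Added example, not part of the original message or of Guix: a POSIX sh check for the problem discussed in this thread, listing programs in a setuid directory that an earlier PATH entry shadows. The fixture directories and the function names shadowed_setuid and make_fixture are constructed for illustration.

```sh
#!/bin/sh
# Added example: report programs in SETUID_DIR that an earlier PATH entry
# shadows.  Usage: shadowed_setuid PATH_STRING SETUID_DIR
# Prints "name<TAB>shadowing file", one line per shadowed program.
shadowed_setuid() {
    path_string=$1
    setuid_dir=$2
    for wrapper in "$setuid_dir"/*; do
        [ -f "$wrapper" ] || continue        # also skips an unmatched glob
        name=${wrapper##*/}
        rest=$path_string:
        # Walk PATH in lookup order; stop once the setuid directory is reached.
        while [ -n "$rest" ]; do
            dir=${rest%%:*}
            rest=${rest#*:}
            [ "$dir" = "$setuid_dir" ] && break
            [ -n "$dir" ] || dir=.           # empty entry = current directory
            if [ -x "$dir/$name" ] && [ ! -d "$dir/$name" ]; then
                printf '%s\t%s\n' "$name" "$dir/$name"
                break
            fi
        done
    done
    return 0
}

# Constructed fixture standing in for /run/setuid-programs, a user profile
# and the system profile; prints the temporary root directory.
make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/setuid" "$root/profile/bin" "$root/system/bin"
    for f in setuid/ping setuid/sudo profile/bin/ping system/bin/sudo; do
        printf '#!/bin/sh\n' > "$root/$f"
        chmod +x "$root/$f"
    done
    printf '%s\n' "$root"
}

fx=$(make_fixture)
echo "profile before setuid dir (order reported in the bug):"
shadowed_setuid "$fx/profile/bin:$fx/setuid:$fx/system/bin" "$fx/setuid"
echo "setuid dir first (order after the patch):"
shadowed_setuid "$fx/setuid:$fx/profile/bin:$fx/system/bin" "$fx/setuid"
rm -rf "$fx"
```

On a Guix System, `shadowed_setuid "$PATH" /run/setuid-programs` runs the same check against the live environment; entries are compared as literal strings, so a trailing slash in PATH is treated as a different directory.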