From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur Subject: bug#31814: setuid programs are not first in PATH Date: Mon, 18 Jun 2018 08:16:13 +0200 Message-ID: <874li039hu.fsf@lassieur.org> References: <87602mu57o.fsf@lassieur.org> <87sh5ljf63.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:39017) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fUnTO-00061K-Cm for bug-guix@gnu.org; Mon, 18 Jun 2018 02:17:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fUnTK-0008S3-TS for bug-guix@gnu.org; Mon, 18 Jun 2018 02:17:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:46407) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fUnTK-0008Rx-Ok for bug-guix@gnu.org; Mon, 18 Jun 2018 02:17:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fUnTK-0004Eg-Cb for bug-guix@gnu.org; Mon, 18 Jun 2018 02:17:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-reply-to: <87sh5ljf63.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 31814@debbugs.gnu.org Hello Ludovic, Ludovic Court=C3=A8s writes: > Hello Cl=C3=A9ment, > > Cl=C3=A9ment Lassieur skribis: > >> sourcing /etc/profile >> >> - prepends /run/setuid-programs to $PATH >> - then sources $HOME/.guix-profile/etc/profile >> >> and sourcing $HOME/.guix-profile/etc/profile >> >> - prepends $HOME/.guix-profile/bin to $PATH >> - prepends $HOME/.guix-profile/sbin to $PATH >> >> so in the end, $PATH looks like: >> >> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run= /setuid-programs:... >> >> and a command like 'ping' is found in ~/.guix-profile/bin, which makes >> it unusable. > > AFAICS this is not a regression, but it can be fixed this way: No it's not a regression. I've had the fix locally for a long time. > diff --git a/gnu/system.scm b/gnu/system.scm > index 7cb12a827..d367307a2 100644 > --- a/gnu/system.scm > +++ b/gnu/system.scm > @@ -616,9 +616,6 @@ unset PATH > GUIX_PROFILE=3D/run/current-system/profile ; \\ > . /run/current-system/profile/etc/profile >=20=20 > -# Prepend setuid programs. > -export PATH=3D/run/setuid-programs:$PATH > - > # Since 'lshd' does not use pam_env, /etc/environment must be explicitly > # loaded when someone logs in via SSH. See . > # We need 'PATH' to be defined here, for 'cat' and 'cut'. Do this before > @@ -645,6 +642,9 @@ do > fi > done >=20=20 > +# Prepend setuid programs. > +export PATH=3D/run/setuid-programs:$PATH > + > # Arrange so that ~/.config/guix/current/share/info comes first. > export INFOPATH=3D\"$HOME/.config/guix/current/share/info:$INFOPATH\" Yes this sounds good. > In the example you give (inetutils), I suppose users want > /run/setuid-programs/ping to come first. I wonder if there are > situations where the current behavior is desirable; maybe not. > > Thoughts? I can't think of any situations where the current behavior is desirable. Thank you, Cl=C3=A9ment