From: ludo@gnu.org (Ludovic Courtès)
Subject: bug#31814: setuid programs are not first in PATH
Date: Sun, 17 Jun 2018 23:07:00 +0200
To: Clément Lassieur
Cc: 31814@debbugs.gnu.org

Hello Clément,

Clément Lassieur writes:

> sourcing /etc/profile
>
> - prepends /run/setuid-programs to $PATH
> - then sources $HOME/.guix-profile/etc/profile
>
> and sourcing $HOME/.guix-profile/etc/profile
>
> - prepends $HOME/.guix-profile/bin to $PATH
> - prepends $HOME/.guix-profile/sbin to $PATH
>
> so in the end, $PATH looks like:
>
> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>
> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
> it unusable.

AFAICS this is not a regression, but it can be fixed this way:

diff --git a/gnu/system.scm b/gnu/system.scm index 7cb12a827..d367307a2 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -616,9 +616,6 @@ unset PATH GUIX_PROFILE=/run/current-system/profile ; \\ . /run/current-system/profile/etc/profile -# Prepend setuid programs. -export PATH=/run/setuid-programs:$PATH - # Since 'lshd' does not use pam_env, /etc/environment must be explicitly # loaded when someone logs in via SSH. See . # We need 'PATH' to be defined here, for 'cat' and 'cut'. Do this before @@ -645,6 +642,9 @@ do fi done +# Prepend setuid programs. +export PATH=/run/setuid-programs:$PATH + # Arrange so that ~/.config/guix/current/share/info comes first. export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"

In the example you give (inetutils), I suppose users want
/run/setuid-programs/ping to come first.

I wonder if there are situations where the current behavior is
desirable; maybe not.

Thoughts?

Thanks,
Ludo’.
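
Review bot: In the second hunk (@@ -645,6 +642,9 @@), the moved `export PATH=/run/setuid-programs:$PATH` now sits right after the `done` of the profile loop, but the PATH quoted in the report begins with ~/.config/guix/current/bin and the visible lines do not show where that entry is prepended. If that happens below this point, a program there can still shadow a setuid wrapper, so please confirm that nothing after the moved line prepends to PATH. The comment "# Prepend setuid programs." could also state why the position matters, for example that it must stay after every profile has been sourced so that /run/setuid-programs/ping wins over a profile's ping.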
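
The shadowing described in the quoted report can be checked for any PATH ordering. The script below is an added example, not part of the original message or of Guix: it walks a PATH string left to right and lists setuid wrappers that an earlier entry would win over. The function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: report setuid wrappers that an earlier PATH entry shadows.

# first_match NAME PATH_STRING: print the first executable NAME found when
# PATH_STRING is searched left to right, as the shell does.
first_match() {
    fm_rest=$2:
    while [ -n "$fm_rest" ]; do
        fm_dir=${fm_rest%%:*}
        fm_rest=${fm_rest#*:}
        [ -n "$fm_dir" ] || fm_dir=.    # an empty entry means the current directory
        if [ -f "$fm_dir/$1" ] && [ -x "$fm_dir/$1" ]; then
            printf '%s\n' "$fm_dir/$1"
            return 0
        fi
    done
    return 1
}

# shadowed_setuid PATH_STRING SETUID_DIR: for every program in SETUID_DIR,
# print "name<TAB>winner" when the lookup does not land in SETUID_DIR.
# SETUID_DIR must be spelled exactly as it appears in PATH_STRING.
shadowed_setuid() {
    for ss_wrapper in "$2"/*; do
        [ -f "$ss_wrapper" ] && [ -x "$ss_wrapper" ] || continue
        ss_winner=$(first_match "${ss_wrapper##*/}" "$1") || ss_winner=
        if [ "$ss_winner" != "$ss_wrapper" ]; then
            printf '%s\t%s\n' "${ss_wrapper##*/}" "${ss_winner:-(not on PATH)}"
        fi
    done
}

# Constructed sample layout (not a real Guix system): a profile that ships
# its own 'ping' next to a setuid directory holding 'ping' and 'sudo'.
demo=$(mktemp -d)
mkdir -p "$demo/setuid-programs" "$demo/profile/bin"
for f in setuid-programs/ping setuid-programs/sudo profile/bin/ping; do
    : > "$demo/$f"
    chmod +x "$demo/$f"
done
echo "profile first (the ordering in the report):"
shadowed_setuid "$demo/profile/bin:$demo/setuid-programs" "$demo/setuid-programs"
echo "setuid-programs first (the ordering the patch aims for):"
shadowed_setuid "$demo/setuid-programs:$demo/profile/bin" "$demo/setuid-programs"
rm -rf "$demo"
```

On a running system the same check is `shadowed_setuid "$PATH" /run/setuid-programs`; empty output means no wrapper is shadowed.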