From: ludo@gnu.org (Ludovic Courtès)
To: "Clément Lassieur" <clement@lassieur.org>
Cc: 31814@debbugs.gnu.org
Subject: bug#31814: setuid programs are not first in PATH
Date: Sun, 17 Jun 2018 23:07:00 +0200 [thread overview]
Message-ID: <87sh5ljf63.fsf@gnu.org> (raw)
In-Reply-To: <87602mu57o.fsf@lassieur.org> ("Clément Lassieur"'s message of "Wed, 13 Jun 2018 16:32:59 +0200")
[-- Attachment #1: Type: text/plain, Size: 642 bytes --]
Hello Clément,
Clément Lassieur <clement@lassieur.org> skribis:
> sourcing /etc/profile
>
> - prepends /run/setuid-programs to $PATH
> - then sources $HOME/.guix-profile/etc/profile
>
> and sourcing $HOME/.guix-profile/etc/profile
>
> - prepends $HOME/.guix-profile/bin to $PATH
> - prepends $HOME/.guix-profile/sbin to $PATH
>
> so in the end, $PATH looks like:
>
> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>
> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
> it unusable.
AFAICS this is not a regression, but it can be fixed this way:
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 781 bytes --]
diff --git a/gnu/system.scm b/gnu/system.scm
index 7cb12a827..d367307a2 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -616,9 +616,6 @@ unset PATH
GUIX_PROFILE=/run/current-system/profile ; \\
. /run/current-system/profile/etc/profile
-# Prepend setuid programs.
-export PATH=/run/setuid-programs:$PATH
-
# Since 'lshd' does not use pam_env, /etc/environment must be explicitly
# loaded when someone logs in via SSH. See <http://bugs.gnu.org/22175>.
# We need 'PATH' to be defined here, for 'cat' and 'cut'. Do this before
@@ -645,6 +642,9 @@ do
fi
done
+# Prepend setuid programs.
+export PATH=/run/setuid-programs:$PATH
+
# Arrange so that ~/.config/guix/current/share/info comes first.
export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"
[-- Attachment #3: Type: text/plain, Size: 224 bytes --]
In the example you give (inetutils), I suppose users want
/run/setuid-programs/ping to come first. I wonder if there are
situations where the current behavior is desirable; maybe not.
Thoughts?
Thanks,
Ludo’.
next prev parent reply other threads:[~2018-06-17 21:08 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-13 14:32 bug#31814: setuid programs are not first in PATH Clément Lassieur
2018-06-13 15:05 ` Joshua Branson
2018-06-13 15:06 ` Julien Lepiller
2018-06-13 15:06 ` Clément Lassieur
2018-06-14 14:01 ` Joshua Branson
2018-06-16 9:35 ` Ricardo Wurmus
2018-06-16 22:35 ` Clément Lassieur
2018-06-17 21:07 ` Ludovic Courtès [this message]
2018-06-18 6:16 ` Clément Lassieur
2018-06-19 9:29 ` Ludovic Courtès
2018-06-19 10:26 ` Clément Lassieur
2018-06-18 13:40 ` Marius Bakke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sh5ljf63.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=31814@debbugs.gnu.org \
--cc=clement@lassieur.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.