https://bugzilla.novell.com/show_bug.cgi?id=145687#c20
Pavol Rusnak changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
Info Provider| |lnussel@novell.com
--- Comment #20 from Pavol Rusnak 2007-08-28 02:54:19 MST ---
I have just found out that eg. Debian uses --with-secure-path, but also uses
--with-exempt=sudo, which causes that PATH for users in group sudo is not being
reset to secure_path if PATH is in env_keep. We do not have group sudo, but
maybe could use group wheel for this purpose.
Ludwig: which solution do you like more?
a) Comment#18
- use --without-secure-path
- change hardcoded secure_path to /usr/sbin:/bin:/usr/bin:/sbin
* PATH will be kept if specified in env_keep for all users
* PATH will be reset to secure_path if not in env_keep for all users
b) --with-exempt=wheel (more secure)
- use --with-secure-path=/usr/sbin:/bin:/usr/bin:/sbin
* PATH will be kept if user is in group wheel _AND_ PATH is present in
env_keep
* PATH will be reset if user is not in group wheel _OR_ PATH is not present
in env_keep
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.