[Bug 794084] New: usage of absolute paths / get_kernel_version
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c0 Summary: usage of absolute paths / get_kernel_version Classification: openSUSE Product: openSUSE Factory Version: 12.3 Milestone 1 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: yast2-maintainers@suse.de ReportedBy: ohering@suse.com QAContact: jsrain@suse.com Found By: Outsourced Testing Blocker: --- The inst-sys in current factory prints some warnings to system console in first stage installation, /sbin/get_kernel_version does not exist. I see this particular file referenced in yast2-kdump and scrconf/boot_vmlinux_version.scr Please remove usage of absolute pathnames and rely on $PATH instead. I'm sure there are other places where binaries are called with absolute paths, please fix such places as well. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c1 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |jsrain@suse.com, | |jsuchome@suse.com, | |locilka@suse.com InfoProvider| |mvidner@suse.com --- Comment #1 from Jiří Suchomel <jsuchome@suse.com> 2012-12-12 13:29:16 UTC --- (In reply to comment #0)
I'm sure there are other places where binaries are called with absolute paths, please fix such places as well.
Plenty, likely most of calls done by YaST via SCR (.target.bash_*) use absolute paths. AFAIK target agent warns against non-absolute paths. Martin, you may be to one to know the original reason, as well as the current necessity of it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c2 Martin Vidner <mvidner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|mvidner@suse.com | --- Comment #2 from Martin Vidner <mvidner@suse.com> 2012-12-12 14:44:10 CET --- It used to warn, but that was 10 years(!) ago https://github.com/yast/yast-core/blob/7fe2e3df308b8b6a901cb2cfd60f398df5321... (BTW the code should be removed instead of ifdefed out) I don't remember the reason, but we should simply assume that /bin:/usr/bin:/sbin:/usr/sbin are in $PATH -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c3 --- Comment #3 from Jiří Suchomel <jsuchome@suse.com> 2012-12-13 10:31:02 UTC --- Going though whole ycp code, replace the calls, submit new packages might be long task, specially when we do not see a reward. I suggest to replace the call path only when we already touch some yast2 package for a different reason. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c4 Arvin Schnell <aschnell@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aschnell@suse.com --- Comment #4 from Arvin Schnell <aschnell@suse.com> 2012-12-13 11:06:14 UTC --- In general there can be different binaries with the same name in different locations. E.g. that is the case for rpcinfo on SLE11 SP2. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c5 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |security-team@suse.de --- Comment #5 from Jiří Suchomel <jsuchome@suse.com> 2012-12-13 11:17:27 UTC --- What is the security team stance? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c6 --- Comment #6 from Arvin Schnell <aschnell@suse.com> 2012-12-13 14:00:51 UTC --- (In reply to comment #2)
I don't remember the reason, but we should simply assume that /bin:/usr/bin:/sbin:/usr/sbin are in $PATH
This is not the case when calling YaST via sudo, see bug #61580. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c7 --- Comment #7 from Olaf Hering <ohering@suse.com> 2012-12-13 15:05:31 CET --- If a $tool (like yast) needs certain elements in PATH it has to append or prepend the required elements. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c8 --- Comment #8 from Lukas Ocilka <locilka@suse.com> 2012-12-13 14:18:20 UTC --- (In reply to comment #7)
If a $tool (like yast) needs certain elements in PATH it has to append or prepend the required elements.
There's nothing like $tool like YaST. YaST is a set of tools using many different binaries from different paths. YaST runs as root, so, for security reasons, binaries are called using their full path. We'll wait for the security team to evaluate the current status and/or propose better solution. BTW, as few changes as possible is the preferred solution from my POV. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c9 --- Comment #9 from Olaf Hering <ohering@suse.com> 2012-12-13 17:18:22 CET --- (In reply to comment #8)
(In reply to comment #7)
If a $tool (like yast) needs certain elements in PATH it has to append or prepend the required elements.
There's nothing like $tool like YaST. YaST is a set of tools using many different binaries from different paths.
YaST runs as root, so, for security reasons, binaries are called using their full path. We'll wait for the security team to evaluate the current status and/or propose better solution.
If thats a real concern, why not force PATH to have a fixed value with needed paths, at yast startup? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c10 --- Comment #10 from Lukas Ocilka <locilka@suse.com> 2012-12-14 09:45:46 UTC --- Because * User/system can start YaST by more methods than just /sbin/yast2 XYZ * Even then, nobody can tell which ALL paths will be/are needed * YaST has too many entry points (ycp scripts) that there's no single place to define ALL needed paths by a module * One YaST module can call another YaST module and if they had two definitions on PATH(s), they would conflict - installation is one big example -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c11 Thomas Biege <thomas@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|security-team@suse.de | --- Comment #11 from Thomas Biege <thomas@suse.com> 2012-12-14 15:42:29 CET --- (In reply to comment #5)
What is the security team stance?
- used a safe set of $PATH /bin:/usr/bin:/sbin:/usr/sbin - do not use the $PATH inherited from the caller (problematic with setuid, and AFAIR su/sudo) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c12 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |mvidner@suse.com InfoProvider| |aschnell@suse.com --- Comment #12 from Jiří Suchomel <jsuchome@suse.com> 2012-12-18 08:56:46 UTC --- Martin, Arvin: any way to achieve this? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c13 Arvin Schnell <aschnell@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|aschnell@suse.com | --- Comment #13 from Arvin Schnell <aschnell@suse.com> 2013-01-02 10:15:22 UTC --- Due to the many entry points YaST has this is difficult (as Lukas already mentioned) if you want the change to also effect e.g. startup scripts. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c14 Thomas Göttlicher <tgoettlicher@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tgoettlicher@suse.com --- Comment #14 from Thomas Göttlicher <tgoettlicher@suse.com> 2013-01-04 15:36:14 UTC --- It doesn't make much sense to change zillions of calls just because a single executable is at a different location. Please stick with absolute paths and fix the call of the single executable only. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c15 Arvin Schnell <aschnell@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #15 from Arvin Schnell <aschnell@suse.com> 2013-01-04 15:39:38 UTC --- Created pull request: https://github.com/yast/yast-yast2/pull/35 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c16 --- Comment #16 from Thomas Göttlicher <tgoettlicher@suse.com> 2013-01-04 15:45:44 UTC --- (In reply to comment #15)
Created pull request: https://github.com/yast/yast-yast2/pull/35 Merged.
Arvin, thank you for this fix. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c17 --- Comment #17 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-01-08 14:00:42 CET --- This is an autogenerated message for OBS integration: This bug (794084) was mentioned in https://build.opensuse.org/request/show/147522 Factory / yast2 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com