[Bug 794084] New: usage of absolute paths / get_kernel_version
https://bugzilla.novell.com/show_bug.cgi?id=794084 https://bugzilla.novell.com/show_bug.cgi?id=794084#c0 Summary: usage of absolute paths / get_kernel_version Classification: openSUSE Product: openSUSE Factory Version: 12.3 Milestone 1 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: yast2-maintainers@suse.de ReportedBy: ohering@suse.com QAContact: jsrain@suse.com Found By: Outsourced Testing Blocker: --- The inst-sys in current factory prints some warnings to system console in first stage installation, /sbin/get_kernel_version does not exist. I see this particular file referenced in yast2-kdump and scrconf/boot_vmlinux_version.scr Please remove usage of absolute pathnames and rely on $PATH instead. I'm sure there are other places where binaries are called with absolute paths, please fix such places as well. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c1
Jiří Suchomel
I'm sure there are other places where binaries are called with absolute paths, please fix such places as well.
Plenty, likely most of calls done by YaST via SCR (.target.bash_*) use absolute paths. AFAIK target agent warns against non-absolute paths. Martin, you may be to one to know the original reason, as well as the current necessity of it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c2
Martin Vidner
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c3
--- Comment #3 from Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c4
Arvin Schnell
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c5
Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c6
--- Comment #6 from Arvin Schnell
I don't remember the reason, but we should simply assume that /bin:/usr/bin:/sbin:/usr/sbin are in $PATH
This is not the case when calling YaST via sudo, see bug #61580. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c7
--- Comment #7 from Olaf Hering
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c8
--- Comment #8 from Lukas Ocilka
If a $tool (like yast) needs certain elements in PATH it has to append or prepend the required elements.
There's nothing like $tool like YaST. YaST is a set of tools using many different binaries from different paths. YaST runs as root, so, for security reasons, binaries are called using their full path. We'll wait for the security team to evaluate the current status and/or propose better solution. BTW, as few changes as possible is the preferred solution from my POV. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c9
--- Comment #9 from Olaf Hering
(In reply to comment #7)
If a $tool (like yast) needs certain elements in PATH it has to append or prepend the required elements.
There's nothing like $tool like YaST. YaST is a set of tools using many different binaries from different paths.
YaST runs as root, so, for security reasons, binaries are called using their full path. We'll wait for the security team to evaluate the current status and/or propose better solution.
If thats a real concern, why not force PATH to have a fixed value with needed paths, at yast startup? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c10
--- Comment #10 from Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c11
Thomas Biege
What is the security team stance?
- used a safe set of $PATH /bin:/usr/bin:/sbin:/usr/sbin - do not use the $PATH inherited from the caller (problematic with setuid, and AFAIR su/sudo) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c12
Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c13
Arvin Schnell
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c14
Thomas Göttlicher
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c15
Arvin Schnell
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c16
--- Comment #16 from Thomas Göttlicher
Created pull request: https://github.com/yast/yast-yast2/pull/35 Merged.
Arvin, thank you for this fix. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=794084
https://bugzilla.novell.com/show_bug.cgi?id=794084#c17
--- Comment #17 from Bernhard Wiedemann
participants (1)
-
bugzilla_noreply@novell.com