On Mon, 7 Jul 2014 14:17:40 +0200, Arvin Schnell wrote:
On Mon, Jul 07, 2014 at 02:11:48PM +0200, Lukas Ocilka wrote:
On 7.7.2014 14:07, Josef Reidinger wrote:
I have a general question, and I think the answer to it should be written down somewhere as a documented decision.
Why do we use an absolute path to the binary? I think a properly set PATH in the environment should be the goal, and we should use the common path. Also, from a security point of view it is quite useless, because if PATH is attacked, then any real root action is attacked as well.
Sure, I myself also prefer the shorter way, but I think it was because of security. Let's ask our security expert if this is really the case, or whether it has changed meanwhile.
Bug https://bugzilla.novell.com/show_bug.cgi?id=794084 mentions some reasons.
Regards, Arvin
I see some reasons, but I worry that we need to properly fix PATH, otherwise:
1) any call that does not have an absolute path is a security problem (I know a lot of places where we call e.g. sed without an absolute path, so a simple fake sed in some location can be used to get root permissions)
2) if some module needs a path that is not standard, then it is up to the module to properly set it or use an absolute path
3) we are affected by changes of the binary, as shown above
Josef
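One way to do the PATH fix raised in this thread, as an added example that is not part of the original messages or of YaST's code: keep only search directories that are absolute, owned by a trusted uid and not group- or world-writable, then resolve bare command names such as sed against that list. The helper names are hypothetical, and treating uid 0 as the trusted owner is an assumption; the constructed demo passes the current user instead so it runs without root.

```ruby
require "tmpdir"

# Hypothetical helpers, not YaST code. A directory is searched only if it is
# absolute, exists, is owned by owner_uid and is not group/world writable.
# Ancestor directories are not checked here.
def trusted_dir?(dir, owner_uid = 0)
  return false unless dir.start_with?("/")
  st = File.stat(dir) # follows symlinks such as /bin -> usr/bin
  st.directory? && st.uid == owner_uid && (st.mode & 0o022).zero?
rescue SystemCallError
  false
end

# Empty entries and "." (both mean the current directory) fail the
# absolute-path test above and are dropped with the other untrusted ones.
def sanitize_path(path, owner_uid = 0)
  path.split(":", -1).select { |d| trusted_dir?(d, owner_uid) }.uniq
end

# Resolve a bare command name against the sanitized list; names containing
# a slash are refused so the lookup cannot be steered out of those dirs.
def resolve(cmd, dirs)
  return nil if cmd.empty? || cmd.include?("/")
  dirs.each do |d|
    candidate = File.join(d, cmd)
    return candidate if File.file?(candidate) && File.executable?(candidate)
  end
  nil
end

# Constructed sample: a world-writable directory listed first, plus an empty
# entry and ".", each of which could supply a fake "sed".
def demo(owner_uid = Process.euid)
  Dir.mktmpdir do |root|
    safe = File.join(root, "safe")
    drop = File.join(root, "drop")
    [safe, drop].each do |d|
      Dir.mkdir(d)
      File.write(File.join(d, "sed"), "#!/bin/sh\n")
      File.chmod(0o755, File.join(d, "sed"))
    end
    File.chmod(0o755, safe)
    File.chmod(0o777, drop)
    dirs = sanitize_path("#{drop}:#{safe}::.", owner_uid)
    found = resolve("sed", dirs)
    { dirs: dirs.map { |d| File.basename(d) },
      sed: found && found.sub("#{root}/", ""),
      with_slash: resolve("../drop/sed", dirs) }
  end
end
```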