On Mon, 7 Jul 2014 14:52:07 +0200
Arvin Schnell
On Mon, Jul 07, 2014 at 02:23:36PM +0200, Josef Reidinger wrote:
On Mon, 7 Jul 2014 14:17:40 +0200 Arvin Schnell
wrote: On Mon, Jul 07, 2014 at 02:11:48PM +0200, Lukas Ocilka wrote:
On 7.7.2014 14:07, Josef Reidinger wrote:
I have general question and I think answer to it should be somewhere written as documented decision.
Why we use absolute path to binary? I think proper set PATH in environment should be goal and use common path. Also from security point of view it is quite useless because if PATH is attacked, then also any real root action is attacked.
Sure, I myself also prefer the shorter way, but I think it was because of security. Let's ask our security expert if this is really the case, or whether it has changed meanwhile.
Bug https://bugzilla.novell.com/show_bug.cgi?id=794084 mentions some reasons.
Regards, Arvin
I see some reasons, but I worry that we need to proper fix PATH
But how, esp. if we want to make parts of YaST available as libraries (modules/gems)?
From my point of a library should work with any PATH variable.
Regards, Arvin
On other hand absolute path can make troubles to use library/gem on non-suse systems or even on older suse systems, which is wrong from my POV. I think it is reasonable requirement for library or gem, that it need working path to its work. So I think resolution can be use PATH for common binaries and for specific binaries use absolute path. Josef -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org To contact the owner, e-mail: yast-devel+owner@opensuse.org