On Mon, Jul 07, 2014 at 03:30:52PM +0200, Josef Reidinger wrote:
On Mon, 7 Jul 2014 15:22:24 +0200 Arvin Schnell
wrote: On Mon, Jul 07, 2014 at 03:01:40PM +0200, Josef Reidinger wrote:
On other hand absolute path can make troubles to use library/gem on non-suse systems or even on older suse systems, which is wrong from my POV.
Yes, that's why I dislike all this moving of binaries.
I agree, I also do not see benefit of this step.
So I think resolution can be use PATH for common binaries and for specific binaries use absolute path.
Paving the path to security issues? I suppose developers just use a library and expect it to be safe independent of PATH. For libstorage that's my objective.
Maybe we can look around how other tools do this task and collect possible ideas how to solve it?
Sure, I just grepped for "bin/" in my upstream git repos
directory and found e.g. (more than 200):
./hwinfo/src/hd/block.c: hd_data->lsscsi = read_file("|/usr/bin/lsscsi -t 2>/dev/null", 0, 0);
./hwinfo/src/hd/net.c: str_printf(&buf, 0, "|/usr/sbin/ethtool -e %s 2>/dev/null", hd->unix_dev_name);
./linux-pam/modules/pam_xauth/pam_xauth.c: "/usr/bin/X11/xauth"
./linux-pam/modules/pam_namespace/pam_namespace.c: if (execle("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, NULL, envp) < 0)
./glibc/stdio-common/test-popen.c: output = popen("/bin/cat", "m");
./xfsprogs/libdisk/dm.c: else if (!access("/sbin/dmsetup", R_OK|X_OK))
./libyui/libyui-gtk/src/YGDialog.cc: ret = system ("/usr/bin/xterm &");
./libzypp/zypp/KeyRing.cc: #define GPG_BINARY "/usr/bin/gpg2"
./libzypp/tests/zypp/PluginFrame_test.cc: PluginScript scr( "/bin/cat" );
And in all systemd service files I couldn't find a single Exec
statement without a full path.
Regards,
Arvin
--
Arvin Schnell,