From: Ruediger Meier <sweet_f_a@gmx.de>
To: Karel Zak <kzak@redhat.com>
Cc: util-linux@vger.kernel.org, Isaac Dunham <ibid.ag@gmail.com>
Subject: Re: question about hardcoded binary paths (swapon / mkswap)
Date: Thu, 2 Apr 2015 23:50:20 +0100 [thread overview]
Message-ID: <201504030050.21386.sweet_f_a@gmx.de> (raw)
In-Reply-To: <20150402191530.GG2097@ws.net.home>
On Thursday 02 April 2015, Karel Zak wrote:
> On Thu, Apr 02, 2015 at 12:19:52PM -0400, Mike Frysinger wrote:
> > On 02 Apr 2015 10:20, Karel Zak wrote:
> > > If I good remember then the reason is that the helpers does not
> > > have to be installed in standard PATH. Well, you're author of
> > > this thing
> > >
> > > :-)
> >
> > i wrote the code to make it a configure option, but the actual
> > behavior predates me. i'm interested more in the behavior, not the
> > exact configure option.
>
> So, the basis question is if we really need to support non-standard
> paths for the helpers. IMHO it's unnecessary legacy and I don't see
> a problem to drop this feature and require $PATH, and for critical
> things like fsck fallback to /sbin if $PATH is undefined.
>
> Comments?
I would like to use PATH too but also fallback if PATH is defined. That
means we just need to append our fallback path to PATH always.
The fallback path(s) may depend on what we are looking for.
In case we search an ul binary we should add the conigured and the
default path (which is just one path in default case):
"$PATH:$sbindir:/sbin" for sbin_PROGRAMS like "fsck" or "mkswap"
"$PATH:$bindir:/bin" for bin_PROGRAMS like "mount/umount"
"$PATH:$usrsbin_execdir:/usr/sbin" for usrsbin_exec_PROGRAMS
"$PATH:$usrbin_execdir:/usr/bin" for usrbin_exec_PROGRAMS
For non-ul programs we should not add any fallback path unless there is
a POSIX or other well-known one. "/bin/sh" might be the only real
special case.
> > looks like mkfs added it during the 2.2->2.5 transition, but
> > otherwise no details in the bundled NEWS that i saw. oh well.
>
> mkfs is deprecated, the right way is to call directly mkfs.<type>.
>
> > mount makes sense as it's set*id and we can't trust users to not be
> > evil :)
>
> It does not execute anything with root rights, but yes, hardcoded
> paths make sense there (just to avoid complexity and external
> dependencies on environment).
Even for mount I would like "$PATH:$bindir:/bin" too. If PATH is really
a security issue then at least "$bindir:/bin". configure --prefix=xyz
should install consistent usable util-linux progs.
cu,
Rudi
next prev parent reply other threads:[~2015-04-02 22:50 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-01 11:42 question about hardcoded binary paths (swapon / mkswap) Ruediger Meier
2015-04-01 13:38 ` Isaac Dunham
2015-04-01 16:17 ` Ruediger Meier
2015-04-01 20:10 ` Mike Frysinger
2015-04-01 21:06 ` Ruediger Meier
2015-04-01 21:38 ` Karel Zak
2015-04-02 1:12 ` Mike Frysinger
2015-04-02 8:20 ` Karel Zak
2015-04-02 16:19 ` Mike Frysinger
2015-04-02 19:15 ` Karel Zak
2015-04-02 22:50 ` Ruediger Meier [this message]
2015-04-03 1:15 ` Mike Frysinger
2015-04-03 8:52 ` Karel Zak
2015-04-03 23:16 ` Mike Frysinger
2015-04-02 17:28 ` Isaac Dunham
2015-04-01 22:23 ` Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201504030050.21386.sweet_f_a@gmx.de \
--to=sweet_f_a@gmx.de \
--cc=ibid.ag@gmail.com \
--cc=kzak@redhat.com \
--cc=util-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox