Date: Thu, 24 Dec 2015 23:42:03 -0800 From: Alfred Perlstein <alfred@freebsd.org> To: freebsd-arch@freebsd.org, Jilles Tjoelker <jilles@stack.nl> Subject: Re: Expanding _PATH_DEFPATH Message-ID: <567CF34B.4030404@freebsd.org> In-Reply-To: <20151224231349.GA5821@stack.nl> References: <20151224231349.GA5821@stack.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/24/15 3:13 PM, Jilles Tjoelker wrote: > In <paths.h> there is a #define _PATH_DEFPATH which is set to > /usr/bin:/bin. This does not include /sbin, /usr/sbin and ports > (/usr/local/bin and /usr/local/sbin) directories and is therefore often > insufficient. > > This is rarely a problem because _PATH_DEFPATH is overridden by > /etc/login.conf, ~/.login_conf and/or shell startup files. _PATH_DEFPATH > is still used as a default by execlp(), execvp(), posix_spawnp() and sh > if PATH is not set, and by cron. > > Especially the latter is a common trap (most recently in PR 204813). We > can fix it for 99% by changing _PATH_DEFPATH to > /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin > This is the path in the default class in the default /etc/login.conf, > excluding ~/bin which would not be expanded properly in a string > constant. > > For consistency, the _PATH_DEFPATH for RESCUE below and in 3 man pages > (exec.3, posix_spawn.3, crontab.5) need to be adjusted as well. > I have stubbed toes against this silly restricted path so many times that this would be a welcome change. However before changing the PATH please consult secteam to make sure it's safe. I might recommend for the time being going with the suggestion in the PR which asks that a friendly note be added to files. This would be more "safe" until secteam can analyze. -Alfred
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?567CF34B.4030404>