Hi Zlatko, I will fix that in git, but having "." in $PATH (especially for root user) is a very bad bad practice and really should be avoided due security reasons.
Imagine someone dropping a malware binary in /tmp ... Ondrej On Fri, Aug 15, 2014, at 10:26, Zlatko Calusic wrote: > Package: php5-common > Version: 5.6.0~rc4+dfsg-1 > Severity: normal > > During installation: > > Setting up php5-common (5.6.0~rc4+dfsg-1) ... > find: The current directory is included in the PATH environment variable, > which is insecure in combination with the -execdir action of find. > Please remove the current directory from your $PATH (that is, remove "." > or leading or trailing colons) > dpkg: error processing package php5-common (--configure): > subprocess installed post-installation script returned error exit status > 1 > > And then all other php5 packages can't be upgraded, either. I'd say > $PATH should be sanitized somewhere, I'm fond of . in $PATH on my > personal desktop. > > -- Package-specific info: > ==== Additional PHP 5 information ==== > > ++++ PHP 5 SAPI (php5query -S): ++++ > cgi > cli > fpm > > ++++ PHP 5 Extensions (php5query -M -v): ++++ > pgsql (Enabled for cgi by maintainer script) > pgsql (Enabled for cli by maintainer script) > pgsql (Enabled for fpm by maintainer script) > pdo_mysql (Enabled for cgi by maintainer script) > pdo_mysql (Enabled for cli by maintainer script) > pdo_mysql (Enabled for fpm by maintainer script) > mysql (Enabled for cgi by maintainer script) > mysql (Enabled for cli by maintainer script) > mysql (Enabled for fpm by maintainer script) > mysqli (Enabled for cgi by maintainer script) > mysqli (Enabled for cli by maintainer script) > mysqli (Enabled for fpm by maintainer script) > pdo_pgsql (Enabled for cgi by maintainer script) > pdo_pgsql (Enabled for cli by maintainer script) > pdo_pgsql (Enabled for fpm by maintainer script) > No module matches xdebug (Disabled for cgi by local administrator) > No module matches xdebug (Disabled for cli by local administrator) > No module matches xdebug (Disabled for fpm by local administrator) > curl (Enabled for cgi by maintainer script) > curl (Enabled for cli by maintainer script) > curl (Enabled for fpm by maintainer script) > gd (Enabled for cgi by maintainer script) > gd (Enabled for cli by maintainer script) > gd (Enabled for fpm by maintainer script) > json (Enabled for cgi by maintainer script) > json (Enabled for cli by maintainer script) > json (Enabled for fpm by maintainer script) > pdo (Enabled for cgi by maintainer script) > pdo (Enabled for cli by maintainer script) > pdo (Enabled for fpm by maintainer script) > opcache (Enabled for cgi by maintainer script) > opcache (Enabled for cli by maintainer script) > opcache (Enabled for fpm by maintainer script) > readline (Enabled for cgi by maintainer script) > readline (Enabled for cli by maintainer script) > readline (Enabled for fpm by maintainer script) > > ++++ Configuration files: ++++ > **** /etc/php5/mods-available/pdo.ini **** > extension=pdo.so > > **** /etc/php5/mods-available/opcache.ini **** > zend_extension=opcache.so > > > -- System Information: > Debian Release: jessie/sid > APT prefers unstable > APT policy: (500, 'unstable') > Architecture: amd64 (x86_64) > > Kernel: Linux 3.16.0+ (SMP w/2 CPU cores; PREEMPT) > Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/bash > > Versions of packages php5-common depends on: > ii libc6 2.19-9 > ii lsof 4.86+dfsg-1 > ii psmisc 22.21-2 > ii sed 4.2.2-4 > ii ucf 3.0030 > > php5-common recommends no packages. > > Versions of packages php5-common suggests: > pn php5-user-cache <none> > > Versions of packages php5-cli depends on: > ii libbz2-1.0 1.0.6-7 > ii libc6 2.19-9 > ii libcomerr2 1.42.11-2 > ii libdb5.3 5.3.28-5 > ii libedit2 3.1-20140620-2 > ii libgssapi-krb5-2 1.12.1+dfsg-7 > ii libk5crypto3 1.12.1+dfsg-7 > ii libkrb5-3 1.12.1+dfsg-7 > ii libmagic1 1:5.19-1 > ii libonig2 5.9.5-2 > ii libpcre3 1:8.35-3 > ii libqdbm14 1.8.78-5 > ii libssl1.0.0 1.0.1i-2 > ii libxml2 2.9.1+dfsg1-4 > ii mime-support 3.56 > ii php5-json 1.3.6-1 > ii tzdata 2014f-1 > ii ucf 3.0030 > ii zlib1g 1:1.2.8.dfsg-1 > > Versions of packages php5-cli recommends: > iu php5-readline 5.6.0~rc4+dfsg-1 > > Versions of packages php5-cli suggests: > iu php-pear 5.6.0~rc4+dfsg-1 > > Versions of packages php5-cgi depends on: > ii libbz2-1.0 1.0.6-7 > ii libc6 2.19-9 > ii libcomerr2 1.42.11-2 > ii libdb5.3 5.3.28-5 > ii libgssapi-krb5-2 1.12.1+dfsg-7 > ii libk5crypto3 1.12.1+dfsg-7 > ii libkrb5-3 1.12.1+dfsg-7 > ii libmagic1 1:5.19-1 > ii libonig2 5.9.5-2 > ii libpcre3 1:8.35-3 > ii libqdbm14 1.8.78-5 > ii libssl1.0.0 1.0.1i-2 > ii libxml2 2.9.1+dfsg1-4 > ii mime-support 3.56 > iu php5-cli 5.6.0~rc4+dfsg-1 > ii php5-json 1.3.6-1 > ii tzdata 2014f-1 > ii ucf 3.0030 > ii zlib1g 1:1.2.8.dfsg-1 > > Versions of packages php5-cgi suggests: > iu php-pear 5.6.0~rc4+dfsg-1 > > Versions of packages php5-fpm depends on: > ii dpkg 1.17.11 > ii init-system-helpers 1.20 > ii libbz2-1.0 1.0.6-7 > ii libc6 2.19-9 > ii libcomerr2 1.42.11-2 > ii libdb5.3 5.3.28-5 > ii libgssapi-krb5-2 1.12.1+dfsg-7 > ii libk5crypto3 1.12.1+dfsg-7 > ii libkrb5-3 1.12.1+dfsg-7 > ii libmagic1 1:5.19-1 > ii libonig2 5.9.5-2 > ii libpcre3 1:8.35-3 > ii libqdbm14 1.8.78-5 > ii libssl1.0.0 1.0.1i-2 > ii libsystemd-daemon0 208-7 > ii libxml2 2.9.1+dfsg1-4 > ii mime-support 3.56 > iu php5-cli 5.6.0~rc4+dfsg-1 > ii php5-json 1.3.6-1 > ii tzdata 2014f-1 > ii ucf 3.0030 > ii zlib1g 1:1.2.8.dfsg-1 > > Versions of packages php5-fpm suggests: > iu php-pear 5.6.0~rc4+dfsg-1 > > -- no debconf information > > _______________________________________________ > pkg-php-maint mailing list > [email protected] > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint -- Ondřej Surý <[email protected]> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
