On Wed, Apr 01, 2020 at 11:26:04AM -0700, Samuel Sieb wrote:
> On 4/1/20 4:27 AM, Lukas Czerner wrote:
> > I've noticed some failures in automated tests in bodhi, specifically
> > this one:
> >
> > {
> > "arch" : "x86_64",
> > "code" : "SuspiciousPath",
> > "context" : {
> > "excerpt" : [
> > "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
> > ],
> > "path" : "/usr/sbin/e2scrub"
> > },
> > "diag" : "Potentially insecure PATH element <tt>/local</tt>",
> > "subpackage" : "e2scrub"
> > },
> >
> > I am not sure why it's considered insecure while on all of the Fedora
> > and RHEL systems I have available "/usr/local/sbin:/usr/local/bin" is a
> > default part of the PATH.
>
> You don't want a system script to be looking for executables in /usr/local
> before the regular bin directories. And it's probably better that it
> doesn't look in /usr/local at all.
> It's fine for the admin to put extra things in /usr/local, but those paths
> don't override the system ones.
Thanks, that's understandable, but then why the PATH on my system is
/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
or
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
all the systems I try include /usr/local in the PATH.
-Lukas
> _______________________________________________
> devel mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/[email protected]
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
