Title: #204: ipautil.run: Remove hardcoded environ PATH value
Can you elaborate more about that attack? Do you have any links to share?
If an attacker has permission to set a user environment variables, IMO the user
has already lot of problems and it is too late to save that situation.
I did git archaeology and this was the commit where it was added, so it was
hard to find reason why it was added.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code