URL: https://github.com/freeipa/freeipa/pull/204
Title: #204: ipautil.run: Remove hardcoded environ PATH value

rcritten commented:
PATH is untrustworthy because there is no knowing what is in it, or the order. 
It could easily have /usr/local/bin first and some rogue version of a program 
installed there, or it could have something in ~/bin. Calling exec() is 
dangerous by its very nature so we opted to be paranoid.

Your archaeology is right, this wasn't exactly documented. Perhaps it was 
discussed on IRC in relation to the bug but I remember talking to Simo about 

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to