------- Comment From [email protected] 2018-11-20 04:36 EDT------- Additional info from Hendrik:
Ingo is correct here and we had a discussion about setting PATH explicitly for security reasons. For running zkey as regular user or as root is not the problem. But it becomes a security subject for running zkey with sudo. Assume you have granted a user the permission to run sudo zkey and the user constructs a PATH for finding the cryptsetup binary in a directory controlled by the user. If sudo zkey would then call this cryptsetup binary, the user can gain more privileges. The alternative is to hard-code the path to the cryptsetup binary but that's typically a problem because it might be installed in different location depending on the Linux distributions. So if you want to remove the PATH for Ubuntu, please either ensure that all calls to external programs use hard-coded paths or ensure that the default configuration for sudo sets up a pre-defined path (overriding any existing settings). Of course, this PATH configuration needs to be done for all kinds of such invocations, for example, su, ? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1803958 Title: [UBUNTU] zkey: Fails to run commands generated by 'zkey cryptsetup' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1803958/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
