Marc Haber writes ("Bug#357978: adduser calls /usr/bin/chfn instead of invoking
chfn from PATH"):
> Hm. We are using hard-coded paths since we avoid using a shell for
> subprocess invocation.
I'm afraid I don't understand this comment at all. Honouring the PATH
just involves calling exec*p rather than exec*, and doesn't need to
use a subprocess. The libc will search the PATH for you.
> We're going to change to a PATH-honoring setup
> in one of the next versions, but we're going to set our own PATH on
> startup to avoid privilege escalation issues.
That's completely wrong. adduser is running as root to start with and
isn't setuid. It should honour its PATH completely.
Ian.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
