On 4/1/20 4:27 AM, Lukas Czerner wrote:
I've noticed some failures in automated tests in bodhi, specifically this one:{ "arch" : "x86_64", "code" : "SuspiciousPath", "context" : { "excerpt" : [ "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" ], "path" : "/usr/sbin/e2scrub" }, "diag" : "Potentially insecure PATH element <tt>/local</tt>", "subpackage" : "e2scrub" }, I am not sure why it's considered insecure while on all of the Fedora and RHEL systems I have available "/usr/local/sbin:/usr/local/bin" is a default part of the PATH.
You don't want a system script to be looking for executables in /usr/local before the regular bin directories. And it's probably better that it doesn't look in /usr/local at all. It's fine for the admin to put extra things in /usr/local, but those paths don't override the system ones.
_______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
