[Touch-packages] [Bug 1792004] [NEW] built-in PATH seems to have sbin and bin out of order; and inconsistent

Tue, 11 Sep 2018 12:11:40 -0700 

*** This bug is a security vulnerability ***

Public security bug reported:

$ env -u PATH /bin/sh -c 'echo $PATH'
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

$ env -u PATH /bin/dash -c 'echo $PATH'
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

$ systemd-run --unit test-env env # ... and check journal for PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

$ env -u PATH /bin/bash -c 'echo $PATH'
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.

$ cat /etc/environment 
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"

Imho all of these should be harmonised to:

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

** Affects: bash (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: dash (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: pam (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: dash (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1792004

Title:
  built-in PATH seems to have sbin and bin out of order; and
  inconsistent

Status in bash package in Ubuntu:
  New
Status in dash package in Ubuntu:
  New
Status in pam package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  New

Bug description:
  $ env -u PATH /bin/sh -c 'echo $PATH'
  /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

  $ env -u PATH /bin/dash -c 'echo $PATH'
  /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

  $ systemd-run --unit test-env env # ... and check journal for PATH
  /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

  $ env -u PATH /bin/bash -c 'echo $PATH'
  /usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.

  $ cat /etc/environment 
  
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"

  Imho all of these should be harmonised to:

  /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1792004/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to