[Bug 1792004] [NEW] built-in PATH seems to have sbin and bin out of order; and inconsistent

Dimitri John Ledkov Tue, 11 Sep 2018 12:11:36 -0700

*** This bug is a security vulnerability ***

Public security bug reported:


$ env -u PATH /bin/sh -c 'echo $PATH'
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

$ env -u PATH /bin/dash -c 'echo $PATH'
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

$ systemd-run --unit test-env env # ... and check journal for PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

$ env -u PATH /bin/bash -c 'echo $PATH'
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.

$ cat /etc/environment 
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"

Imho all of these should be harmonised to:

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

** Affects: bash (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: dash (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: pam (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: dash (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1792004

Title:
  built-in PATH seems to have sbin and bin out of order; and
  inconsistent

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1792004/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1792004] [NEW] built-in PATH seems to have sbin and bin out of order; and inconsistent

Reply via email to