Re: installation fails when using SU_CMD=su -...

To: tech-pkg%NetBSD.org@localhost
Subject: Re: installation fails when using SU_CMD=su -...
From: Alan Barrett <apb%cequrux.com@localhost>
Date: Mon, 4 Feb 2008 11:09:23 +0200

On Sun, 03 Feb 2008, Roland Illig wrote:
> A comment in bsd.pkg.mk says:
>
> # XXX: Shouldn't the $${PATH} be ${PATH} here? This may be related to
> # PR 34470.
> _ROOT_CMD=      cd ${.CURDIR} && \
>                 ${SETENV} ${PKGSRC_MAKE_ENV} \
>                         PATH="$${PATH}:"${SU_CMD_PATH_APPEND:Q} \
>                 ${MAKE} ${MAKEFLAGS} \
>                         PKG_DEBUG_LEVEL=${PKG_DEBUG_LEVEL:Q} \
>                         su-${.TARGET} ${MAKEFLAGS.su-${.TARGET}}

If SU_CMD_PATH_APPEND is empty, then PATH will end up with a trailing
":", which is equivalent to having "." in the path.  I consider
this to be a security problem.  The ":" should be added only if
SU_CMD_PATH_APPEND is non-blank.  I think that can be done using
something like ${SU_CMD_PATH_APPEND:C/..*/:/}.

--apb (Alan Barrett)

References:
- installation fails when using SU_CMD=su -...
  - From: Klaus Heinz
- Re: installation fails when using SU_CMD=su -...
  - From: Roland Illig

Prev by Date: daily pkgsrc CVS update output
Next by Date: pkgsrc littering the home directory
Previous by Thread: Re: installation fails when using SU_CMD=su -...
Next by Thread: daily pkgsrc CVS update output
Indexes:

Home | Main Index | Thread Index | Old Index