Bug 102567 - /bin/su compiled-in PATH conflicts with LSB, util-linux
Summary: /bin/su compiled-in PATH conflicts with LSB, util-linux
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: coreutils
Version: 3.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Ondrej Vasik
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-08-18 05:09 UTC by Steve Bonneville
Modified: 2008-01-28 12:02 UTC (History)
0 users

Fixed In Version: RHBA-2005-544
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-28 12:02:46 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Replacement for existing sh-utils-1.16-paths.patch. (715 bytes, patch)
2003-08-18 05:11 UTC, Steve Bonneville
no flags Details | Diff

Description Steve Bonneville 2003-08-18 05:09:27 UTC
Description of problem:
                                                                                
The sh-utils-1.16-paths.patch applied to the coreutils RPM incorrectly sets the
compiled-in PATH used by 'su -' when it starts a login shell.  It conflicts with
both the LSB specification of su(1) and the actual behavior of login(1) [which
is set by lib/pathnames.h in the util-linux package].  The sbin and bin versions
of directories are set in opposite orders.
                                                                                
The /bin/su program in coreutils sets default PATH to
  (regular user): /bin:/usr/bin:/usr/local/bin:/usr/bin/X11
  (root): /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11
                                                                                
The LSB 1.3 says that the default PATH set by 'su -' before /etc/profile is
executed should be
  (regular user): /bin:/usr/bin
  (root): /sbin:/bin:/usr/sbin:/usr/bin
                                                                                
The /bin/login program from util-linux uses a default PATH almost identical to
the /bin/su LSB specification:
  (regular user): /usr/local/bin:/bin:/usr/bin
  (root): /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
[The man page for login(1) which discusses the default PATH is incorrect; see
bug #102566.]
                                                                                
The result is that when starting up a default login shell, PATH is set
differently by /bin/login and /bin/su.  The order of sbin and bin directories in
the resulting PATH is different, which has contributed to at least one bug where
a program name (up2date) existed in both /usr/bin and /usr/sbin [#102331].
                                                                               
Version-Release number of selected component (if applicable):
  coreutils-4.5.3-24 (/bin/su)
  util-linux-2.11y-22 (/bin/login)
  setup-2.5.25-1 (bash startup scripts)
                                                                                
This problem also affects RHEL 2.1 AS and RHL 9.
                                                                                
Steps to Reproduce:
1.  Login as root through a virtual console and 'echo $PATH'.
2.  Login as a regular user through a virtual console, 'su -', and 'echo $PATH'.
                                                                               

Suggested fix:
                                                                                
A replacement patch for sh-utils-1.16-paths.patch from coreutils is attached,
which changes the default PATH to match the behavior of lib/pathnames.h from
util-linux-2.11y and fixes the immediate problem.
                   
[This patch doesn't strictly follow the LSB.  According to the LSB, /usr/local
paths shouldn't be set by default by /bin/su, which this patch does.  That
should probably be done in /etc/profile, but that would require changes to the
setup package, and possibly util-linux as well for consistency.]

Comment 1 Steve Bonneville 2003-08-18 05:11:26 UTC
Created attachment 93702 [details]
Replacement for existing sh-utils-1.16-paths.patch.

Comment 2 Steve Bonneville 2003-08-19 20:27:54 UTC
An additional LSB conformance violation is that the coreutils /bin/su does not
honor the ENV_PATH and ENV_SUPATH definitions in /etc/login.defs.  Of course,
this is because the LSB assumes that the version of su that is in the
shadow-utils pristine source (which we don't package) is being used instead of
the coreutils version of su.

Comment 5 Ondrej Vasik 2008-01-28 12:02:46 UTC
Closing that forgotten modified bugzilla as ERRATA RHBA-2005:544 - duplicate bug
#158741 was fixed in that update. Feel free to reopen this bug report if the
solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-544.html


Note You need to log in before you can comment on or make changes to this bug.