Bug 1473331 - /etc/bash_completion.d/yum-utils.bash runs pkg-config without fully qualified path
/etc/bash_completion.d/yum-utils.bash runs pkg-config without fully qualified...
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: yum-utils (Show other bugs)
Unspecified Linux
unspecified Severity medium
: rc
: ---
Assigned To: Valentina Mukhamedzhanova
BaseOS QE Security Team
Depends On:
  Show dependency treegraph
Reported: 2017-07-20 09:52 EDT by James Pearson
Modified: 2017-07-20 09:52 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description James Pearson 2017-07-20 09:52:26 EDT
Description of problem:

The bash completion script (/etc/bash_completion.d/yum-utils.bash) installed by yum-utils does:

type -t _yum >/dev/null || . $(pkg-config --variable=completionsdir bash-complet

If another 'pkg-config' is earlier on the PATH, this could cause issues - especially if running '/bin/su' from a user account that doesn't use bash as their default shell (e.g. tcsh)

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Set up user account that uses /bin/tcsh as the shell
2. Log in as the user
3. Set up path that includes a directory containing a custom pkg-config script before /usr/bin
4. Run /bin/su and type in root password

Actual results:

User 'root' runs the user's pkg-config script - which can do anything the user wants ...

Expected results:

/usr/bin/pkg-config is run

Additional info:

Ideally, root's .bashrc should set a restricted PATH - but this isn't the case with the shipped version

A simple fix is to make sure pkg-config is executed as /usr/bin/pkg-config in /etc/bash_completion.d/yum-utils.bash

Note You need to log in before you can comment on or make changes to this bug.