Bug 505359 - Current directory included in default path
Summary: Current directory included in default path
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: slim
Version: 11
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Lorenzo Villani
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-06-11 16:08 UTC by Nate Straz
Modified: 2009-10-27 07:16 UTC (History)
1 user (show)

Fixed In Version: 1.3.1-9.fc10
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-27 06:38:48 UTC

Attachments (Terms of Use)
Remove current directory from default path (384 bytes, text/plain)
2009-06-11 16:08 UTC, Nate Straz 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

Description Nate Straz 2009-06-11 16:08:29 UTC 
Created attachment 347433 [details]
Remove current directory from default path

Description of problem:

The SLiM display manager includes the current directory in it's default path which opens up users to trojan attacks and other unexpected behavior.  It should be removed from the default config.

Version-Release number of selected component (if applicable):
slim-1.3.1-5.fc11.i586

How reproducible:
Every time

Steps to Reproduce:
1. open xterm
2. echo $PATH
  
Actual results:
[nstraz@tin ~]$ echo $PATH
/usr/lib/qt-3.3/bin:/usr/kerberos/bin:./:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/msp/nstraz/bin


Expected results:
[nstraz@tin ~]$ echo $PATH
/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/msp/nstraz/bin

Additional info:
Comment 1 Anders F Björklund 2009-06-11 16:32:39 UTC 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484773

But not reported upstream so far, as far as I could tell.
Comment 2 Fedora Update System 2009-06-22 09:08:54 UTC 
slim-1.3.0-8.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/slim-1.3.0-8.fc9
Comment 3 Anders F Björklund 2009-10-09 12:41:50 UTC 
Patch was added in http://koji.fedoraproject.org/koji/buildinfo?buildID=111326
for Rawhide 12, but needs backporting to the Fedora 10 and Fedora 11 releases.
Comment 4 Fedora Update System 2009-10-10 13:19:33 UTC 
slim-1.3.1-8.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/slim-1.3.1-8.fc11
Comment 5 Fedora Update System 2009-10-10 13:31:16 UTC 
slim-1.3.1-9.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/slim-1.3.1-9.fc10
Comment 6 Fedora Update System 2009-10-14 01:48:46 UTC 
slim-1.3.1-9.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update slim'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-10461
Comment 7 Fedora Update System 2009-10-14 01:54:16 UTC 
slim-1.3.1-8.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update slim'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-10475
Comment 8 Fedora Update System 2009-10-27 06:38:42 UTC 
slim-1.3.1-8.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2009-10-27 07:15:51 UTC 
slim-1.3.1-9.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.