Bug 505359 - Current directory included in default path
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: slim
Version: 11
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Lorenzo Villani
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-06-11 12:08 EDT by Nate Straz
Modified: 2009-10-27 03:16 EDT
Fixed In Version: 1.3.1-9.fc10
Doc Type: Bug Fix
Last Closed: 2009-10-27 02:38:48 EDT
Attachments
Remove current directory from default path (384 bytes, text/plain)
2009-06-11 12:08 EDT, Nate Straz

Description Nate Straz 2009-06-11 12:08:29 EDT
Created attachment 347433
Remove current directory from default path

Description of problem:

The SLiM display manager includes the current directory in its default path, which opens up users to trojan attacks and other unexpected behavior. It should be removed from the default config.

Version-Release number of selected component (if applicable):
slim-1.3.1-5.fc11.i586

How reproducible:
Every time

Steps to Reproduce:
1. open xterm
2. echo $PATH
  
Actual results:
[nstraz@tin ~]$ echo $PATH
/usr/lib/qt-3.3/bin:/usr/kerberos/bin:./:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/msp/nstraz/bin


Expected results:
[nstraz@tin ~]$ echo $PATH
/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/msp/nstraz/bin

Additional info:
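
Added example, not part of the original report or of SLiM: a POSIX shell check that flags every PATH component resolved relative to the current directory, run over the actual and expected values quoted above. It goes beyond the `./` case in the report by also flagging empty components (leading or trailing `:` or `::`), which the shell and execvp() treat as the current directory; the function and variable names are made up for this example.

```shell
#!/bin/sh
# Added example: report PATH components that depend on the current directory.

# cwd_path_entries PATHSTRING
# Prints "<position>:<component>" for each component that is not absolute
# (an empty component is printed as "<empty>"). Returns 1 if any were found.
cwd_path_entries() {
    position=0
    found=0
    # Append ':' so a trailing empty component is not lost, then peel off one
    # component at a time with parameter expansion; no word splitting occurs,
    # so components containing spaces or glob characters are handled.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        position=$((position + 1))
        case $entry in
            '') printf '%s:<empty>\n' "$position"; found=1 ;;
            /*) ;;  # absolute: lookup does not depend on the cwd
            *)  printf '%s:%s\n' "$position" "$entry"; found=1 ;;
        esac
    done
    return "$found"
}

# The two PATH values copied from the report (actual and expected results).
REPORTED_PATH='/usr/lib/qt-3.3/bin:/usr/kerberos/bin:./:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/msp/nstraz/bin'
EXPECTED_PATH='/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/msp/nstraz/bin'

# Check both report values and the PATH of the session running this script.
for candidate in "$REPORTED_PATH" "$EXPECTED_PATH" "${PATH-}"; do
    if hits=$(cwd_path_entries "$candidate"); then
        echo "ok: $candidate"
    else
        echo "cwd-relative entries in: $candidate"
        echo "$hits" | sed 's/^/  /'
    fi
done
```

Run from a terminal started under the display manager, the last loop iteration checks the PATH that session actually inherited.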
Comment 1 Anders F Björklund 2009-06-11 12:32:39 EDT
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484773

But not reported upstream so far, as far as I could tell.
Comment 2 Fedora Update System 2009-06-22 05:08:54 EDT
slim-1.3.0-8.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/slim-1.3.0-8.fc9
Comment 3 Anders F Björklund 2009-10-09 08:41:50 EDT
Patch was added in http://koji.fedoraproject.org/koji/buildinfo?buildID=111326
for Rawhide 12, but needs backporting to the Fedora 10 and Fedora 11 releases.
Comment 4 Fedora Update System 2009-10-10 09:19:33 EDT
slim-1.3.1-8.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/slim-1.3.1-8.fc11
Comment 5 Fedora Update System 2009-10-10 09:31:16 EDT
slim-1.3.1-9.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/slim-1.3.1-9.fc10
Comment 6 Fedora Update System 2009-10-13 21:48:46 EDT
slim-1.3.1-9.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update slim'.
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-10461
Comment 7 Fedora Update System 2009-10-13 21:54:16 EDT
slim-1.3.1-8.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update slim'.
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-10475
Comment 8 Fedora Update System 2009-10-27 02:38:42 EDT
slim-1.3.1-8.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2009-10-27 03:15:51 EDT
slim-1.3.1-9.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
