lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 02 Jan 2021 12:57:32 +0100
From:   Bernd Petrovitsch <bernd@...rovitsch.priv.at>
To:     sedat.dilek@...il.com
Cc:     Masahiro Yamada <masahiroy@...nel.org>,
        Pavel Machek <pavel@....cz>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: Linux 5.11-rc1

On Sat, 2021-01-02 at 12:26 +0100, Sedat Dilek wrote:
> On Sat, Jan 2, 2021 at 12:05 PM Bernd Petrovitsch
> <bernd@...rovitsch.priv.at> wrote:
> > On Sat, 2021-01-02 at 10:13 +0100, Sedat Dilek wrote:
> > [...]
> > > To be honest I wondered why there were no more reports on this.
> > 
> > Perhaps I'm not the only one who has /sbin and /usr/sbin in the
> > $PATH of normal accounts too (and idk what's the default
> > behaviour of distributions is - my .bashrc "fixes" the
> > $PATH).
> 
> I was thinking more towards maxim/dictum:
> "Never break userspace!" or "It worked before but now it is not."

But if userspace changed (and that could be a change by the
distribution which the user isn't aware) than ...

> Think of automated kernel build and test setups based on Debian.
> 
> Debian/testing AMD64 has...
OK.
> [ /etc/login.defs ]
> 
> # *REQUIRED*  The default PATH settings, for superuser and normal users.
> #
> # (they are minimal, add the rest in the shell startup files)
> ENV_SUPATH
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> ENV_PATH        PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

Well, "minimal" and /usr/local/games:/usr/games ...
/usr/local/* is the next ...

Yes, it's hard for the distribution to "guess" the local admins
habits and policies ....

> IMHO users should not need to fix their environment.
> ( The discussion is a bit obsolete as we now have a fix. )

FWIW, I have no (and don't see any) problems simply appending
/sbin:/usr/sbin to the $PATH in/for the kernel's scripts.

MfG,
	Bernd
-- 
Bernd Petrovitsch                  Email : bernd@...rovitsch.priv.at
There is no cloud, just other people computers. - FSFE
                     LUGA : http://www.luga.at


Powered by blists - more mailing lists