← Back to team overview

ubuntu-translations-coordinators team mailing list archive

  1. ubuntu-translations-coordinators team
  2. Mailing list archive
  3. Message #11128

[Bug 1792004] [NEW] built-in PATH seems to have sbin and bin out of order; and inconsistent

  Thread PreviousDate PreviousThread Next 
*** This bug is a security vulnerability ***

You have been subscribed to a public security bug:

[Impact]

 * For consistency reasons sbin should be ordered before bin in PATH.

[Test Case]

 * $ env -u PATH /bin/bash -c 'echo $PATH'

And check that matching pairs in PATH, have /sbin variant leading /bin
variant.

[Regression Potential]

 * Ubuntu does not ship duplicate binries, with different behaviour
between /sbin and /bin, thus all binaries will continue to be found in
all locations. Also PATH is normally already set in the environment, and
this change only affects the fallback path when bash is executed without
any environment, i.e. booting with 'init=/bin/bash'

[Other Info]
 
 * Original bug report detailing inconsistent paths between various shells.

---


$ env -u PATH /bin/sh -c 'echo $PATH'
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

$ env -u PATH /bin/dash -c 'echo $PATH'
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

$ systemd-run --unit test-env env # ... and check journal for PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

$ env -u PATH /bin/bash -c 'echo $PATH'
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.

$ env -u PATH /bin/busybox sh -c 'echo $PATH'
/sbin:/usr/sbin:/bin:/usr/bin

$ grep 'export PATH=' -r initramfs-tools-0.131ubuntu10/
initramfs-tools-0.131ubuntu10/mkinitramfs:export PATH='/usr/bin:/sbin:/bin'
initramfs-tools-0.131ubuntu10/init:export PATH=/sbin:/usr/sbin:/bin:/usr/bin

dracut.sh has DRACUT_PATH=${DRACUT_PATH:-/sbin /bin /usr/sbin /usr/bin} exported as PATH
dracut-047+31/modules.d/99shutdown/shutdown.sh:export PATH=/usr/sbin:/usr/bin:/sbin:/bin

$ cat /etc/environment
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"

apt & dpkg => should probably initiate /usr/local-less PATH

Imho the rest should probably be harmonised to:

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

===

>From a duplicate
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1614080 :

$ for i in 12.04 12.10 13.04 13.10 14.04 14.10 15.04 15.10 16.04; do echo $i; docker run -it --rm ubuntu:$i bash -c "unset PATH; /bin/bash -c 'echo \$PATH'"; done
12.04
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
12.10
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
13.04
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
13.10
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
14.04
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.
14.10
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.
15.04
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.
15.10
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.
16.04
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.

I believe later releases of bash, do too include CWD in the built-in
PATH.

** Affects: apt (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: bash (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: busybox (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: dash (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: dpkg (Ubuntu)
     Importance: Undecided
         Status: Won't Fix

** Affects: pam (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: bash (Ubuntu Xenial)
     Importance: Undecided
         Status: Fix Committed

** Affects: bash (Ubuntu Bionic)
     Importance: Undecided
         Status: Fix Committed

** Affects: bash (Ubuntu Disco)
     Importance: Undecided
         Status: Fix Committed

** Affects: ubuntu-translations
     Importance: Undecided
         Status: New


** Tags: verification-done verification-done-bionic verification-done-disco verification-done-xenial
-- 
built-in PATH seems to have sbin and bin out of order; and inconsistent
https://bugs.launchpad.net/bugs/1792004
You received this bug notification because you are a member of Ubuntu Translations Coordinators, which is subscribed to Ubuntu Translations.
  Thread PreviousDate PreviousThread Next