[Bug 1792004] [NEW] built-in PATH seems to have sbin and bin out of order; and inconsistent

Dimitri John Ledkov launchpad at surgut.co.uk
Tue Sep 11 18:57:48 UTC 2018 

*** This bug is a security vulnerability ***

Public security bug reported:

$ env -u PATH /bin/sh -c 'echo $PATH'
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

$ env -u PATH /bin/dash -c 'echo $PATH'
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

$ systemd-run --unit test-env env # ... and check journal for PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

$ env -u PATH /bin/bash -c 'echo $PATH'
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.

$ cat /etc/environment 
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"

Imho all of these should be harmonised to:

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

** Affects: bash (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: dash (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: pam (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: dash (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1792004

Title:
  built-in PATH seems to have sbin and bin out of order; and
  inconsistent

Status in bash package in Ubuntu:
  New
Status in dash package in Ubuntu:
  New
Status in pam package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  New

Bug description:
  $ env -u PATH /bin/sh -c 'echo $PATH'
  /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

  $ env -u PATH /bin/dash -c 'echo $PATH'
  /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

  $ systemd-run --unit test-env env # ... and check journal for PATH
  /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

  $ env -u PATH /bin/bash -c 'echo $PATH'
  /usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.

  $ cat /etc/environment 
  PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"

  Imho all of these should be harmonised to:

  /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1792004/+subscriptions

More information about the foundations-bugs mailing list