Why is "local" insecure PATH element ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I've noticed some failures in automated tests in bodhi, specifically
this one:

    {
       "arch" : "x86_64",
       "code" : "SuspiciousPath",
       "context" : {
	  "excerpt" : [
	     "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
	  ],
	  "path" : "/usr/sbin/e2scrub"
       },
       "diag" : "Potentially insecure PATH element <tt>/local</tt>",
       "subpackage" : "e2scrub"
    },


I am not sure why it's considered insecure while on all of the Fedora
and RHEL systems I have available "/usr/local/sbin:/usr/local/bin" is a
default part of the PATH.

What am I missing ?

-Lukas
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux