Received: (at 52011) by debbugs.gnu.org; 9 Sep 2022 16:10:15 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 09 12:10:15 2022 Received: from localhost ([127.0.0.1]:35169 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1oWga7-0006xr-1i for submit <at> debbugs.gnu.org; Fri, 09 Sep 2022 12:10:15 -0400 Received: from mail-ej1-f65.google.com ([209.85.218.65]:44025) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <liliana.prikler@HIDDEN>) id 1oWga5-0006xT-TD for 52011 <at> debbugs.gnu.org; Fri, 09 Sep 2022 12:10:14 -0400 Received: by mail-ej1-f65.google.com with SMTP id v16so5064240ejr.10 for <52011 <at> debbugs.gnu.org>; Fri, 09 Sep 2022 09:10:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:date:to:from:subject:message-id:from:to:cc:subject:date; bh=V2YsCNt5t9pj/Uf6o9g+Of5RsLcFd+DZcVRNqo2PkNc=; b=aiTL+qcntS+gezaRDSyyeuhl3K4CIpmP85v/YYVFbxwma6Vsd0UcRX/Z2udyulsCxh PgAxVXeLwqi5ZBMY4bqtrApT9uL+h5KiRwioJFCMDvBXkU7sjtgZaEHllxNPKXLKDjz+ j0nQqwXD04md5HYvCZt4GGCa47kzC0E7XzCmAN4+IBXPQDzV6WrW433RQQohZN/dVIjV xi/ECJzgGgl5kmnoFsgFFxsVlfL96rZKABj4GM/KaY1/h/RTbJ/ccyaaVaUZ0ibDYZ/u o3uZ0vCXK//+k9OfVYzXXXL8NnNwcLPEvE30zsdBaNl1QVJfcCbJyIQ9nb0uFd5d7uMm P5sQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:date:to:from:subject:message-id:x-gm-message-state:from :to:cc:subject:date; bh=V2YsCNt5t9pj/Uf6o9g+Of5RsLcFd+DZcVRNqo2PkNc=; b=oMUGPGovg25lFyJW7lRoHZoynjPlj/N4VWPMKrTaAm9Lw6Tx4kcwUlJTSSEHoX4YjL Fz5I9re1EOEPexx2CFqkPVN/OiWR/R2nhknR5/wfuSr/k2viInAVtjy1uKrUL15WHODu 186W3Q94okjpmzPMGpAJKLQbHQEHwdmzoSWYlPtrf/JGWBxfEO5flXjZsSzoO8SjkLjX ALzXT1GHP7Hd036H6S8GEJzg27xNCmoTXkHYnY+8XkkiybSm2LNN2U3NC51O2FERO/6v puMp1EjKyi4u12F+sZ8YHlT7OZVNa8QBhsz2ggyJzVQrbpBWSxyJTTSmjjcC6UqRA9La 61wg== X-Gm-Message-State: ACgBeo3XbZ3PY579EpnLxXdwYlINjh/WsNa8CAbf9TA+3wIPGc1MYthN 5r9BdUgrf5lYk0d1cfgMhBs= X-Google-Smtp-Source: AA6agR4oXhC4QyiUrbH//jPdhReRoAs/dzz3ZCO1VwMsnqL02yi4l/LOokbAVH+p3ub0aMu2QBZp1w== X-Received: by 2002:a17:906:7304:b0:6ff:a76:5b09 with SMTP id di4-20020a170906730400b006ff0a765b09mr10190791ejc.193.1662739807837; Fri, 09 Sep 2022 09:10:07 -0700 (PDT) Received: from nijino.fritz.box (85-127-52-93.dsl.dynamic.surfer.at. [85.127.52.93]) by smtp.gmail.com with ESMTPSA id z20-20020a170906715400b0073d65a95161sm421365ejj.222.2022.09.09.09.10.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Sep 2022 09:10:07 -0700 (PDT) Message-ID: <0b97c774c903f45cb9ca3efbb12d55459d7d45c8.camel@HIDDEN> Subject: Re: pkexec: PATH environment variable From: Liliana Marie Prikler <liliana.prikler@HIDDEN> To: Hamzeh Nasajpour <h.nasajpour@HIDDEN>, 52011 <at> debbugs.gnu.org Date: Fri, 09 Sep 2022 18:10:06 +0200 In-Reply-To: <538d2dd4-7777-49ad-b0e5-8ceb12d03c60@HIDDEN> References: <46b16bf3-e41c-4ccf-9817-879df6eeb8cb@HIDDEN> <57fde5d78af3ecc18b57191238cd81b0de65378e.camel@HIDDEN> <538d2dd4-7777-49ad-b0e5-8ceb12d03c60@HIDDEN> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 52011 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Am Sonntag, dem 28.11.2021 um 11:09 +0330 schrieb Hamzeh Nasajpour: > Hi Lillana, > > Thanks for your response and sorry for delay. > > > We could inject /run/current-system, given that /run likewise ought > > to be root-writable > > only, but I'm not sure how much that helps. The obvious solution > > is to > > use canonical (store) paths with pkexec. > > Honestly, I couldn't find out your solution. Can you clarify it? That is instead of writing "pkexec sh", write "pkexec /run/current- system/profile/bin/sh" or similar. Cheers
bug-guix@HIDDEN:bug#52011; Package guix.
Full text available.Received: (at 52011) by debbugs.gnu.org; 28 Nov 2021 07:40:29 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Nov 28 02:40:29 2021 Received: from localhost ([127.0.0.1]:34879 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mrEnU-0008KW-RV for submit <at> debbugs.gnu.org; Sun, 28 Nov 2021 02:40:29 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:34601) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <h.nasajpour@HIDDEN>) id 1mrEnP-0008KC-MQ for 52011 <at> debbugs.gnu.org; Sun, 28 Nov 2021 02:40:27 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 0F8DD5C0103; Sun, 28 Nov 2021 02:40:18 -0500 (EST) Received: from imap44 ([10.202.2.94]) by compute4.internal (MEProxy); Sun, 28 Nov 2021 02:40:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pantherx.org; h= mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=14VeyXGzW8vk3Xb0dLopsQg4LeC+M0x UNEjZ5HeIzRY=; b=jGpjYHS1L7r0Dj0vAEOcb5px/ny9aIoDyHdEIOKJPWfozqR sSy3VK/KQ5/6d6Mo10fYTsJSQnw/XWP/eZQO4jiTlL8AZHbbFS+rVkvQ2bBecZpd SbyiH88MDTi3eRmCJQ3Nb+SJq6Yxq0wKERy+Y6PrdsKv80WfvZ5om2N6cyaRx5s7 H76dRV4TJTP4lTwu6ZkMuK1AySbwiYz746GEBqyV5nnxzEKoK6cR5ZSCxyzrLEUD G9MbMBHjNNbF7uSOiaQLALnrQ7TrSmmmm9wT54s/8wNpaCih6GfY4qAaZ9G0xON7 dqlgkiWY6A5KkCj8O7zfzfI6HuaUwc25AIB4B9Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=14VeyX GzW8vk3Xb0dLopsQg4LeC+M0xUNEjZ5HeIzRY=; b=ZMD3wu9C8QqidNYFWEndZE pw51UNrKgbI7JHlCygT63t8YWnKOwDhKPLOFql6fyiZTc0ww/WcUcHLBBQ6NnuIp +ApcVghC/5KThTiAvquM3PoAlByrd2Ks/XvdVkR3DVM/zh65CZgUq4umBf5XA/tS oyAWi2Ux3AUOG4faHZLUFm8ECErG33pgbfxGMM7rNnVj3FeuIPVWCYuNcYQ/Nygn 813XufH5CFNuwOsnLMrNSHT2Js+ur7NQuMkU65z4TlEGU/pi351MuEYhDTKJvFCQ EkClI+ll+wKNRZz8LVOGY6m34Pe3ZEOWbCnGY14A8q9wS+9GpZd0RchIg3Sriq/Q == X-ME-Sender: <xms:YTKjYZtaAXp4qwpz2FnZ17zmzZTnsqTNF6StdogmHqaS6a0TrXpjQg> <xme:YTKjYSfy1GI0o-KU8TcXjcdBGHrKQsHelst8XgDZEfJ3aV8_VW1gNaIdWFTzYJaSP EYIrPw0AM1V4293OA> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvuddrheehgdduudefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgesthdtredtreertdenucfhrhhomhepfdfjrghm iigvhhcupfgrshgrjhhpohhurhdfuceohhdrnhgrshgrjhhpohhurhesphgrnhhthhgvrh igrdhorhhgqeenucggtffrrghtthgvrhhnpefhheejheetheejfeelfffhffegteeuueek veevfedtieeuhfehleeludeiudeuheenucevlhhushhtvghrufhiiigvpedtnecurfgrrh grmhepmhgrihhlfhhrohhmpehhrdhnrghsrghjphhouhhrsehprghnthhhvghrgidrohhr gh X-ME-Proxy: <xmx:YTKjYcx8jmseOti-E0n3QfyyUeHweBNLxOjSKmPyHIzkxwZthd-3ZA> <xmx:YTKjYQPXvQjVancfZaSN2efNV-PoQuh-_DDbqf27a1pPecJXTnSTmQ> <xmx:YTKjYZ8CCVWS3uwHCwM2LpAl50S569LYUJG4thdJOQUX69cayntWvg> <xmx:YjKjYeKiQKhsYQu8R4oHbU-W89AqAisa95jT3sWngs03gs37fUlh0A> Received: by mailuser.nyi.internal (Postfix, from userid 501) id D21D8FA0AA6; Sun, 28 Nov 2021 02:40:17 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.5.0-alpha0-1371-g2296cc3491-fm-20211109.003-g2296cc34 Mime-Version: 1.0 Message-Id: <538d2dd4-7777-49ad-b0e5-8ceb12d03c60@HIDDEN> In-Reply-To: <57fde5d78af3ecc18b57191238cd81b0de65378e.camel@HIDDEN> References: <46b16bf3-e41c-4ccf-9817-879df6eeb8cb@HIDDEN> <57fde5d78af3ecc18b57191238cd81b0de65378e.camel@HIDDEN> Date: Sun, 28 Nov 2021 11:09:42 +0330 From: "Hamzeh Nasajpour" <h.nasajpour@HIDDEN> To: "Liliana Marie Prikler" <liliana.prikler@HIDDEN>, 52011 <at> debbugs.gnu.org Subject: Re: pkexec: PATH environment variable Content-Type: text/plain X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 52011 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) Hi Lillana, Thanks for your response and sorry for delay. > We could inject /run/current-system, given that /run likewise ought to be root-writable > only, but I'm not sure how much that helps. The obvious solution is to > use canonical (store) paths with pkexec. Honestly, I couldn't find out your solution. Can you clarify it? Regards, -- Hamzeh Nasajpour PantherX Team
bug-guix@HIDDEN:bug#52011; Package guix.
Full text available.Received: (at 52011) by debbugs.gnu.org; 21 Nov 2021 14:52:37 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Nov 21 09:52:37 2021 Received: from localhost ([127.0.0.1]:44475 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mooCr-0005fG-Dp for submit <at> debbugs.gnu.org; Sun, 21 Nov 2021 09:52:37 -0500 Received: from mail-wr1-f68.google.com ([209.85.221.68]:42707) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <liliana.prikler@HIDDEN>) id 1mooCm-0005ex-6N for 52011 <at> debbugs.gnu.org; Sun, 21 Nov 2021 09:52:35 -0500 Received: by mail-wr1-f68.google.com with SMTP id c4so27658723wrd.9 for <52011 <at> debbugs.gnu.org>; Sun, 21 Nov 2021 06:52:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:subject:from:to:date:in-reply-to:references:user-agent :mime-version:content-transfer-encoding; bh=OKggpluV2v0FgIRU5V4/ZoJ3p6nouMKd3AG8JbwWXuI=; b=dOmPhc6VUWHpBGrPqpE0LtmLWRtPT9JqdE3IfEUsu6fm6uwqLqpqdwSioyQonv8KHd VhRexQki1C3BJlQUuuH+nhCBprQksCfkUBUwV3IeFMg/HtcNQWivNk8j4agFGiLnbLXm hDQQOD6y8wRBYMvxoOwvDnvKM2Y+bC1XYnW/d4LIWBWGyvMKOOb8VjvwcAtKmnUiz9LU Kuu/BxFOz9HYVagVm+cFYw1wGOF4A5LN5QW7MzSRlXysJ+i20ULjSsliEcyXMj9utE7n HBB4IBENyjFBPS8njIJpnb3ECY7KxIKEAEYlIQJQpGpBLZxMkVeT6NkMQdd74QpcdKBu 5WVg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:subject:from:to:date:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=OKggpluV2v0FgIRU5V4/ZoJ3p6nouMKd3AG8JbwWXuI=; b=VzSkomueix/qioQeiLv7E4YvX/oKWah5M71xX3T2JuEK599Yh6MumTf7Fwr/9R2y9L 2BuoXnCrkzi0nOy2RUu+af3nNEsTqQGRl/AdT5YjiBOpURQD7Zyp3jE+kC/z7IBzGFiq 55p+bcI5icoTTE5Lmb8H65FkKasFGu69aCgzftACJPOV7swAJj1Mh4FBJ3MLg95YwaQ2 vkIjCRsDCipn1btiMDUhfu111WM0OvSqY80+7Q79DiPPrIGDN/RzX7EWMjBL7bMeZlHo EZbeG66sYwln/kM+y4z6w3VuhEPxjoP51alMXEGgl9rVuud6Nd8M+/2/dKUbK164qfuz YThw== X-Gm-Message-State: AOAM533UYLmIL89c5iKwrQKIlUIa4W2jzwFXQqQfaDcYT8JTNiYw3VSn u8zU6SQK4Ld+l5uXMqKh6QFSOFd5hsc= X-Google-Smtp-Source: ABdhPJx/bGBzsj0EdAPY3ByQEyhSKD+C/oDAgg1lXu/Sn9eqT4ntkkKyo4ghqBhuQiEikqQP2cvn0g== X-Received: by 2002:a5d:6147:: with SMTP id y7mr28209597wrt.217.1637506346193; Sun, 21 Nov 2021 06:52:26 -0800 (PST) Received: from nijino.fritz.box (85-127-52-93.dsl.dynamic.surfer.at. [85.127.52.93]) by smtp.gmail.com with ESMTPSA id o12sm8171607wrc.85.2021.11.21.06.52.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 21 Nov 2021 06:52:25 -0800 (PST) Message-ID: <57fde5d78af3ecc18b57191238cd81b0de65378e.camel@HIDDEN> Subject: Re: pkexec: PATH environment variable From: Liliana Marie Prikler <liliana.prikler@HIDDEN> To: Hamzeh Nasajpour <h.nasajpour@HIDDEN>, 52011 <at> debbugs.gnu.org Date: Sun, 21 Nov 2021 15:52:24 +0100 In-Reply-To: <46b16bf3-e41c-4ccf-9817-879df6eeb8cb@HIDDEN> References: <46b16bf3-e41c-4ccf-9817-879df6eeb8cb@HIDDEN> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 52011 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hi, Am Sonntag, den 21.11.2021, 11:33 +0330 schrieb Hamzeh Nasajpour: > The `PATH` environment variable is hard-code here: > > https://github.com/freedesktop/polkit/blob/master/src/programs/pkexec.c#L882-L886 > > We don't have any executable in these paths in guix: > ``` > /usr/sbin:/usr/bin:/sbin:/bin:/root/bin > ``` > > Replicate the issue: > 1. Run the `pkexec` > 2. Enter your password > 3. run `echo $PATH` in the opened terminal > 4. You will see this path: `/usr/sbin:/usr/bin:/sbin:/bin:/root/bin` > 5. You can't run most of the commands. (`ls`, `passwd`, `chpasswd` > and so on.) > > Expected Behavior: > Running all of the commands without any error. > > Isn't it? Should not we patch the `PATH` environment variable in > `pkexec` source codes? Either way, some applications like `lxqt- > admin-user` and `lxqt-admin-time` has an issue and they can't run the > commands via `pkexec`. I get this error when I want to change user > password via `lxqt-admin-user`. It's using `pkexec` to change > password. I'm getting some flashbacks from my ITSec courses here. pkexec is protecting itself against a malicious PATH attack. The paths are chosen somewhat arbitrarily, but on traditional distros this ought to ensure, that no privilege escalation occurs. We could inject /run/current-system, given that /run likewise ought to be root-writable only, but I'm not sure how much that helps. The obvious solution is to use canonical (store) paths with pkexec. Cheers
bug-guix@HIDDEN:bug#52011; Package guix.
Full text available.Received: (at submit) by debbugs.gnu.org; 21 Nov 2021 08:03:34 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Nov 21 03:03:34 2021 Received: from localhost ([127.0.0.1]:44064 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mohp0-0002lv-9K for submit <at> debbugs.gnu.org; Sun, 21 Nov 2021 03:03:34 -0500 Received: from lists.gnu.org ([209.51.188.17]:58600) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <h.nasajpour@HIDDEN>) id 1mohoy-0002ln-MT for submit <at> debbugs.gnu.org; Sun, 21 Nov 2021 03:03:32 -0500 Received: from eggs.gnu.org ([209.51.188.92]:59166) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <h.nasajpour@HIDDEN>) id 1mohoy-0000A7-IT for bug-guix@HIDDEN; Sun, 21 Nov 2021 03:03:32 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:45577) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <h.nasajpour@HIDDEN>) id 1mohow-0000w2-8V for bug-guix@HIDDEN; Sun, 21 Nov 2021 03:03:32 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 905A35C00CB for <bug-guix@HIDDEN>; Sun, 21 Nov 2021 03:03:27 -0500 (EST) Received: from imap44 ([10.202.2.94]) by compute4.internal (MEProxy); Sun, 21 Nov 2021 03:03:27 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pantherx.org; h= mime-version:message-id:date:from:to:subject:content-type; s= fm1; bh=RsJVCmKACiD9vePqZo3truO3tRgGJW9cYGt8jlK2cik=; b=fT1rU3Xj IN9/RFtyVgV8Y63cTZmN5fwfU4izCwVAwE7Brsrj81CC5Kl4BpsqZlmI+aW9maOd DBsn0WmP6VEvSk+YgUHakiTIYj00eTmYCtKUaIW5c/UGo+jE57VUFXaLjmnVd5Uz KHpbiZ+C0zBe1bFXvyLh8wXLp83xM/whQvQIjClewezO6eRT04b1gn0xnWGQ8mKJ Cl/pMAR+F7+xPYnQ9FldFMjj/jrsLSUA4K4UI05izvMyvwHDNq/C9lSPqIrfdtwL qqc8ByRC3wtxqpI2Xeqp3BniOjIIfYSmXuoyPJzCDHZwpYFuz+Xkf6e+xXDFh7PS OxPR7Cp0OMLXig== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=RsJVCmKACiD9vePqZo3truO3tRgGJ W9cYGt8jlK2cik=; b=jYaWVs2MM5Zo8tN9IrIKqoms55O8FJpCCvVRHUdUHnBOj QUVazKPoiOP10y3DBaCAZcTL3ARCtK1fCqKgFlSmrKgOyNdfpZ1BoQz0e1qgyOyo z3TpkI9OKugpf7rse5mKW2nIaV0yh2VaDdwVTGDw56t/X5dMYPWy9NVbdOlldxmk JkkZZiJuwTSu3YjclcHd68IIuLBONdCoZU4YXCnI2JuiYPDGwMcx6P9Wsl6fbShW nXSklRovbr6ynpF0DywXDfyXHKCk8A/cbQIDAwUmbVbgyCGz4U+6KrL6GEuPs60y ReABCfCDYdal7kLJLBpz4IaU4N5zBiukOQ3QvO0bA== X-ME-Sender: <xms:T_2ZYR_wemqJG08-1ju_ESuBTVfyJB2JFEswbXTCZdaT-GKq8-7Ipg> <xme:T_2ZYVsznlD_WJUoV8OiPQlZ6uG05GW9iEqMT0y8Pxk_VkoZ_vnsHQIgbog63sTaj KylEvn5W4gOHMGcig> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvuddrgedugdduudefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfffhffvufgtsehttdertd erredtnecuhfhrohhmpedfjfgrmhiivghhucfprghsrghjphhouhhrfdcuoehhrdhnrghs rghjphhouhhrsehprghnthhhvghrgidrohhrgheqnecuggftrfgrthhtvghrnhepgeehtd efiefgtdekvdfghedvgeelheekvdfhgffhjeeuleeltdevleefhfelveffnecuffhomhgr ihhnpehgihhthhhusgdrtghomhdpphgrshhsfihorhgurdhruhhnnecuvehluhhsthgvrh fuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhephhdrnhgrshgrjhhpohhurhes phgrnhhthhgvrhigrdhorhhg X-ME-Proxy: <xmx:T_2ZYfD3w67-VoN_ANgizL7UCwoskFQz-yogF9kY-V62JIavXtEIjQ> <xmx:T_2ZYVedVXBIH-k5C1oBL4WG6LJEI4lRjkeISGbwFbjmtYR7yYc7vw> <xmx:T_2ZYWPsR3rWTKzUqWKJrpWx-nDqqr360iYgS9wZJV7dAY6BCnFvaQ> <xmx:T_2ZYcafx5Y8Z7DR-Jqe3uZWG1tWKp2gXtN-u0y0z-C-C7dYTCKo5w> Received: by mailuser.nyi.internal (Postfix, from userid 501) id 4E298FA0AA6; Sun, 21 Nov 2021 03:03:27 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.5.0-alpha0-1371-g2296cc3491-fm-20211109.003-g2296cc34 Mime-Version: 1.0 Message-Id: <46b16bf3-e41c-4ccf-9817-879df6eeb8cb@HIDDEN> Date: Sun, 21 Nov 2021 11:33:05 +0330 From: "Hamzeh Nasajpour" <h.nasajpour@HIDDEN> To: bug-guix@HIDDEN Subject: pkexec: PATH environment variable Content-Type: text/plain Received-SPF: pass client-ip=66.111.4.26; envelope-from=h.nasajpour@HIDDEN; helo=out2-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.6 (--) The `PATH` environment variable is hard-code here: https://github.com/freedesktop/polkit/blob/master/src/programs/pkexec.c#L882-L886 We don't have any executable in these paths in guix: ``` /usr/sbin:/usr/bin:/sbin:/bin:/root/bin ``` Replicate the issue: 1. Run the `pkexec` 2. Enter your password 3. run `echo $PATH` in the opened terminal 4. You will see this path: `/usr/sbin:/usr/bin:/sbin:/bin:/root/bin` 5. You can't run most of the commands. (`ls`, `passwd`, `chpasswd` and so on.) Expected Behavior: Running all of the commands without any error. Isn't it? Should not we patch the `PATH` environment variable in `pkexec` source codes? Either way, some applications like `lxqt-admin-user` and `lxqt-admin-time` has an issue and they can't run the commands via `pkexec`. I get this error when I want to change user password via `lxqt-admin-user`. It's using `pkexec` to change password. ``` /run/current-system/profile/bin/lxqt-admin-user-helper: line 7: exec: passwd: not found ``` -- Hamzeh Nasajpour PantherX Team
"Hamzeh Nasajpour" <h.nasajpour@HIDDEN>:bug-guix@HIDDEN.
Full text available.bug-guix@HIDDEN:bug#52011; Package guix.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.