From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 14525 invoked by alias); 12 Sep 2014 23:04:01 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 14514 invoked by uid 89); 12 Sep 2014 23:04:01 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.2 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Fri, 12 Sep 2014 23:04:00 +0000 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s8CN3wOc004220 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 12 Sep 2014 19:03:58 -0400 Received: from [10.3.113.7] ([10.3.113.7]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s8CN3wEU031969 for ; Fri, 12 Sep 2014 19:03:58 -0400 Message-ID: <54137BDE.6040907@redhat.com> Date: Fri, 12 Sep 2014 23:06:00 -0000 From: Eric Blake User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.7.0 MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: Cannot exec() program outside of /bin if PATH is unset References: <5413271B.1010109@t-online.de> <54134A83.80107@redhat.com> <54135451.3060902@t-online.de> <601154762.20140913012935@yandex.ru> <541378C4.6030705@t-online.de> In-Reply-To: <541378C4.6030705@t-online.de> OpenPGP: url=http://people.redhat.com/eblake/eblake.gpg Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="49nAf5oXojHRDmfvgS6vVCk9xxgpFR9XS" X-IsSubscribed: yes X-SW-Source: 2014-09/txt/msg00219.txt.bz2 --49nAf5oXojHRDmfvgS6vVCk9xxgpFR9XS Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-length: 1135 On 09/12/2014 04:50 PM, Christian Franke wrote: > Andrey Repin wrote: >>> Hmm... is postfix actually broken? >>> Unsetting PATH is IMO sane (from the POSIX POV) if all exec() calls use >>> absolute path names. >> If all exec() calls are made with full paths, unsetting $PATH does not >> improve >> security in any way, >=20 > Of course. But postfix could be configured to run "unknown" external > programs through its various daemons. In this case, a fixed (here: > empty) PATH improves security. If not convinced, please discuss with the > author of postfix :-) An empty PATH leaves it up to the implementation what helpers get run (if it doesn't fall over first), which is LESS secure than a guaranteed safe PATH of confstr(_CS_PATH). >=20 >=20 >> but leave underlying system in an inconsistent state. >=20 > I don't see any added inconsistencies, please explain. The moment you throw away the bare minimum POSIX-required PATH, you have introduced inconsistency into the environment you are handing to your child process. --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --49nAf5oXojHRDmfvgS6vVCk9xxgpFR9XS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" Content-length: 539 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg iQEcBAEBCAAGBQJUE3veAAoJEKeha0olJ0NqxWkIAJwQgKSJE7sgHH5A7qlUhqu1 nZMt6Ypkv+9f11yqbLnOFTTX93vuiTngiabulvxiFBvZkz/yV7IhE1FSD11ZxI8T EYrgvO6E+IqK96gj0rsH+tLWg0lVbT9y28LR7pIttpz7s9ozu9VK0AReWfrGcmzI NNp8bInorjfrJwZvclFYfb514A7q/COkktEcCykeuyvOymaN0XfhiXDL58EmVQMI 8e3ozFJYMl2EqIMgvt95b9zHx0qSP/Agsps4oApXNsiXL1E36x4zzXT7Z0mb3iZ1 0QnHoSXecVFzngoNiRUYAfU25T7hmYoL3PXONtOjHw3On4QIZaYW7Fc5Uv7J5t8= =r9i/ -----END PGP SIGNATURE----- --49nAf5oXojHRDmfvgS6vVCk9xxgpFR9XS--