From owner-freebsd-bugs Fri Feb 14 09:50:08 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA18520 for bugs-outgoing; Fri, 14 Feb 1997 09:50:08 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA18513; Fri, 14 Feb 1997 09:50:04 -0800 (PST) Resent-Date: Fri, 14 Feb 1997 09:50:04 -0800 (PST) Resent-Message-Id: <199702141750.JAA18513@freefall.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, pst@jnx.com Received: from red.jnx.com (red.jnx.com [208.197.169.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA18041 for ; Fri, 14 Feb 1997 09:42:42 -0800 (PST) Received: from base.jnx.com (base.jnx.com [208.197.169.238]) by red.jnx.com (8.8.5/8.8.3) with ESMTP id JAA19689 for ; Fri, 14 Feb 1997 09:42:11 -0800 (PST) Received: (from pst@localhost) by base.jnx.com (8.7.6/8.7.3) id JAA16017; Fri, 14 Feb 1997 09:42:05 -0800 (PST) Message-Id: <199702141742.JAA16017@base.jnx.com> Date: Fri, 14 Feb 1997 09:42:05 -0800 (PST) From: Paul Traina Reply-To: pst@jnx.com To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: bin/2734: pkg_* uses relative paths to executables Sender: owner-bugs@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Number: 2734 >Category: bin >Synopsis: pkg_* uses relative paths to executables >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Feb 14 09:50:01 PST 1997 >Last-Modified: >Originator: Paul Traina >Organization: Juniper Networks >Release: FreeBSD 2.2-CURRENT i386 >Environment: 2.2 >Description: Relative paths are used throughout pkg_* to spawn executables. This should probably be changed (I'm not going to mention the security implications, because using system is inherantly insecure...actually I will...) >How-To-Repeat: If you try to install something with pkg_add, and /usr/sbin isn't in your path, it won't find chown. >Fix: Actually, the easiest fix (and best fix) would be to modify PATH at the start to include all dependant locations. While we're in there, fixing IFS might also make sense from a security standpoint. >Audit-Trail: >Unformatted: