summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2019-05-30 05:21:39 -0400
committerA. Wilcox <AWilcox@Wilcox-Tech.com>2019-06-01 05:25:29 +0000
commit5ab32da26eab7805e9c718e390e6227fd910a9b8 (patch)
tree3197e4478bd9ace2fd6119bd69a5950d0b27dfe5
parentd448f4e0c6a17170cad364b25d7208c29ac7604e (diff)
downloadpackages-5ab32da26eab7805e9c718e390e6227fd910a9b8.tar.gz
packages-5ab32da26eab7805e9c718e390e6227fd910a9b8.tar.bz2
packages-5ab32da26eab7805e9c718e390e6227fd910a9b8.tar.xz
packages-5ab32da26eab7805e9c718e390e6227fd910a9b8.zip
system/adelie-base: reset PATH in addgroup, adduser
Since addgroup and adduser can potentially be called by any user in the "abuild" group with an arbitrary PATH via the setuid binary abuild-sudo (by way of the abuild-adduser and abuild-addgroup symlinks, used in the "mkusers" step of abuild), PATH should be reset before execing groupadd and useradd.
-rw-r--r--system/adelie-base/APKBUILD6
-rwxr-xr-xsystem/adelie-base/addgroup1
-rwxr-xr-xsystem/adelie-base/adduser1
3 files changed, 5 insertions, 3 deletions
diff --git a/system/adelie-base/APKBUILD b/system/adelie-base/APKBUILD
index d44c77d41..ccdf74a65 100644
--- a/system/adelie-base/APKBUILD
+++ b/system/adelie-base/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=adelie-base
pkgver=0.9.2
-pkgrel=0
+pkgrel=1
pkgdesc="The Adélie Linux Base System"
url="https://www.adelielinux.org/"
arch="noarch"
@@ -102,5 +102,5 @@ docs() {
sha512sums="e57895cb8076ffb761802694eebe3f6ea63295ae63b33ce2b4cc21fcc0bd004c2e2f1d46b30072fc8c268dda0180444b6ead7b81a0ecc523250e5512970197e6 adelie-base-0.9.2.tar.xz
37260d9315fd8d8b0df3dfb5bd3e1035a47ba1e43f33aa195e3feca6d169da282c1b067ef4603e7e9acaedbfef8b58cf490c00bdca444d43c9d570355ad29eac group
1288d9d1ee77e1159bacbc94a44b2ae9c6dff94c5001be6e560cd5859f86181c47341317025d4999bc7d57cfcebb7974804514d981b7bd66ffd00c5edaf5360c passwd
-5b87e0c73e7d73715467b09c9c228b14abfdc1567b3d8a3e6ef86694a9d016c798c22411c9c8ccf41920fbe185199f6d6dbd45d4bceb6652ab4a7bea87c4fe51 addgroup
-f50be377c781b1eefb1804ac9d96b4ebc64f80abe0d12b288413687a000e79ca30c531bbced2c63f9e4df59b1d8a71d0eda09ee82782eaafea453f2f1c2f7b8f adduser"
+f2437ebfbc83aa6eaeec3a111aae98751215cebfaec3991ccc511be8c8938778ae46f15e07c7306bd431d036bc4ba49b33b724b839c125bd882d2e93c0314ae8 addgroup
+2f97bb4b24d9ea8d8d3001bb0cd0aac4b65caff75d25b172f9e925c55185183c2d4b54d9949cd8d43ca74c003a8590f2b98a119696075507f513b549fac94476 adduser"
diff --git a/system/adelie-base/addgroup b/system/adelie-base/addgroup
index 27a523d75..831f44374 100755
--- a/system/adelie-base/addgroup
+++ b/system/adelie-base/addgroup
@@ -5,6 +5,7 @@
# Copyright © 2017 A. Wilcox. All rights reserved.
# Licensed under the terms of the NCSA Open Source license.
#
+export PATH=/bin:/usr/bin:/sbin:/usr/sbin
ARG=
CMDLINE=
diff --git a/system/adelie-base/adduser b/system/adelie-base/adduser
index 5c458045d..a3c1b9fbe 100755
--- a/system/adelie-base/adduser
+++ b/system/adelie-base/adduser
@@ -5,6 +5,7 @@
# Copyright © 2017 A. Wilcox. All rights reserved.
# Licensed under the terms of the NCSA Open Source license.
#
+export PATH=/bin:/usr/bin:/sbin:/usr/sbin
# The GECOS for the new user.
GECOS="Linux User,,,"