diff options
author | Max Rees <maxcrees@me.com> | 2019-05-30 05:21:39 -0400 |
---|---|---|
committer | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2019-06-01 05:25:29 +0000 |
commit | 5ab32da26eab7805e9c718e390e6227fd910a9b8 (patch) | |
tree | 3197e4478bd9ace2fd6119bd69a5950d0b27dfe5 /system | |
parent | d448f4e0c6a17170cad364b25d7208c29ac7604e (diff) | |
download | packages-5ab32da26eab7805e9c718e390e6227fd910a9b8.tar.gz packages-5ab32da26eab7805e9c718e390e6227fd910a9b8.tar.bz2 packages-5ab32da26eab7805e9c718e390e6227fd910a9b8.tar.xz packages-5ab32da26eab7805e9c718e390e6227fd910a9b8.zip |
system/adelie-base: reset PATH in addgroup, adduser
Since addgroup and adduser can potentially be called by any user in the
"abuild" group with an arbitrary PATH via the setuid binary abuild-sudo
(by way of the abuild-adduser and abuild-addgroup symlinks, used in the
"mkusers" step of abuild), PATH should be reset before execing groupadd
and useradd.
Diffstat (limited to 'system')
-rw-r--r-- | system/adelie-base/APKBUILD | 6 | ||||
-rwxr-xr-x | system/adelie-base/addgroup | 1 | ||||
-rwxr-xr-x | system/adelie-base/adduser | 1 |
3 files changed, 5 insertions, 3 deletions
diff --git a/system/adelie-base/APKBUILD b/system/adelie-base/APKBUILD index d44c77d41..ccdf74a65 100644 --- a/system/adelie-base/APKBUILD +++ b/system/adelie-base/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=adelie-base pkgver=0.9.2 -pkgrel=0 +pkgrel=1 pkgdesc="The Adélie Linux Base System" url="https://www.adelielinux.org/" arch="noarch" @@ -102,5 +102,5 @@ docs() { sha512sums="e57895cb8076ffb761802694eebe3f6ea63295ae63b33ce2b4cc21fcc0bd004c2e2f1d46b30072fc8c268dda0180444b6ead7b81a0ecc523250e5512970197e6 adelie-base-0.9.2.tar.xz 37260d9315fd8d8b0df3dfb5bd3e1035a47ba1e43f33aa195e3feca6d169da282c1b067ef4603e7e9acaedbfef8b58cf490c00bdca444d43c9d570355ad29eac group 1288d9d1ee77e1159bacbc94a44b2ae9c6dff94c5001be6e560cd5859f86181c47341317025d4999bc7d57cfcebb7974804514d981b7bd66ffd00c5edaf5360c passwd -5b87e0c73e7d73715467b09c9c228b14abfdc1567b3d8a3e6ef86694a9d016c798c22411c9c8ccf41920fbe185199f6d6dbd45d4bceb6652ab4a7bea87c4fe51 addgroup -f50be377c781b1eefb1804ac9d96b4ebc64f80abe0d12b288413687a000e79ca30c531bbced2c63f9e4df59b1d8a71d0eda09ee82782eaafea453f2f1c2f7b8f adduser" +f2437ebfbc83aa6eaeec3a111aae98751215cebfaec3991ccc511be8c8938778ae46f15e07c7306bd431d036bc4ba49b33b724b839c125bd882d2e93c0314ae8 addgroup +2f97bb4b24d9ea8d8d3001bb0cd0aac4b65caff75d25b172f9e925c55185183c2d4b54d9949cd8d43ca74c003a8590f2b98a119696075507f513b549fac94476 adduser" diff --git a/system/adelie-base/addgroup b/system/adelie-base/addgroup index 27a523d75..831f44374 100755 --- a/system/adelie-base/addgroup +++ b/system/adelie-base/addgroup @@ -5,6 +5,7 @@ # Copyright © 2017 A. Wilcox. All rights reserved. # Licensed under the terms of the NCSA Open Source license. # +export PATH=/bin:/usr/bin:/sbin:/usr/sbin ARG= CMDLINE= diff --git a/system/adelie-base/adduser b/system/adelie-base/adduser index 5c458045d..a3c1b9fbe 100755 --- a/system/adelie-base/adduser +++ b/system/adelie-base/adduser @@ -5,6 +5,7 @@ # Copyright © 2017 A. Wilcox. All rights reserved. # Licensed under the terms of the NCSA Open Source license. # +export PATH=/bin:/usr/bin:/sbin:/usr/sbin # The GECOS for the new user. GECOS="Linux User,,," |