Likewise su should not screw with PATH

To: debian-devel@lists.debian.org
Subject: Likewise su should not screw with PATH
From: Greg Stark <gsstark@mit.edu>
Date: 19 Dec 1999 15:50:26 -0500
Message-id: <[🔎] 87so0yvenh.fsf@HSE-Montreal-ppp19485.qc.sympatico.ca>

Likewise this functionality from su is misguided:

       The  current  environment is passed to the new shell.  The
       value of $PATH is reset to /bin:/usr/bin for normal users,
       or /sbin:/bin:/usr/sbin:/usr/bin for the super user.  This
       may be changed with the ENV_PATH  and  ENV_SUPATH  defini-
       tions in /etc/login.defs.

This path should be 
 /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
for both root and normal users.

There is no security rationale for making root's life more difficult by making
it more awkward to run binaries installed locally -- binaries installed in
/usr/local by the administrator are no more or less secure than binaries
installed by the distribution. And none for making life more difficult by
making all of X more awkward for root to use -- especially as more and more
administrative functions use or require X.

Nor is there any rationale for making life more difficult when suing to other
users by making it more awkward to use programs /sbin or /usr/sbin such as
traceroute, lsmod, ifconfig.

The only rationale might be that in the case of a network outage where /usr
might be network mounted you might want to have PATH be entirely local.
However in that case it should be /bin:/sbin, and in that case you're probably
not using su to gain access anyways.

-- 
greg

Reply to:

Follow-Ups:
- Re: Likewise su should not screw with PATH
  - From: Ben Collins <bcollins@debian.org>

Prev by Date: Re: /etc/profile should include sbin in PATH
Next by Date: Re: /etc/profile should include sbin in PATH
Previous by thread: Re: /etc/profile should include sbin in PATH
Next by thread: Re: Likewise su should not screw with PATH
Index(es):
- Date
- Thread