From 3b2899a8c4ca1fa2551bfa5d149e069868d8dc31 Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Wed, 7 May 2025 12:32:11 +0200
Subject: [PATCH] setpriv: follow /etc/login.defs for PATH
The patch also cleans up the --reset-env description in the man page.
Fixes: https://github.com/util-linux/util-linux/issues/3560
Signed-off-by: Karel Zak
---
 meson.build | 2 +-
 sys-utils/Makemodule.am | 3 ++-
 sys-utils/setpriv.1.adoc | 7 +++++--
 sys-utils/setpriv.c | 7 +++----
 4 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/meson.build b/meson.build
index 441dab8a2..e225454d7 100644
--- a/meson.build
+++ b/meson.build
@@ -2175,7 +2175,7 @@ exe = executable(
 'setpriv',
 setpriv_sources,
 include_directories : includes,
- link_with : [lib_common],
+ link_with : [lib_common, logindefs_c],
 dependencies : [lib_cap_ng],
 install_dir : usrbin_exec_dir,
 install : opt,
diff --git a/sys-utils/Makemodule.am b/sys-utils/Makemodule.am
index 1055312db..e6c3f85ac 100644
--- a/sys-utils/Makemodule.am
+++ b/sys-utils/Makemodule.am
@@ -592,7 +592,8 @@ usrbin_exec_PROGRAMS += setpriv
 MANPAGES += sys-utils/setpriv.1
 dist_noinst_DATA += sys-utils/setpriv.1.adoc
 setpriv_SOURCES = sys-utils/setpriv.c \
- lib/caputils.c
+ lib/caputils.c \
+ lib/logindefs.c
 dist_noinst_HEADERS += sys-utils/setpriv-landlock.h
 if HAVE_LINUX_LANDLOCK_H
 setpriv_SOURCES += sys-utils/setpriv-landlock.c
diff --git a/sys-utils/setpriv.1.adoc b/sys-utils/setpriv.1.adoc
index 66a087b87..a5b30159b 100644
--- a/sys-utils/setpriv.1.adoc
+++ b/sys-utils/setpriv.1.adoc
@@ -121,9 +121,12 @@ Load raw BPF seccomp filter code from a file. Filters can for example be created with *enosys*. *--reset-env*:: -Clears all the environment variables except *TERM*; initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME* according to the user's passwd entry; sets *PATH* to _/usr/local/bin:/bin:/usr/bin_ for a regular user and to _/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin_ for root. +* clears all the environment variables except *TERM* environment variable +* initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME* according to the user's passwd entry +* the environment variable *SHELL* defaults to */bin/sh* if none is given in the user's passwd entry. +* resets *PATH* senvironment variable according to setting in _/etc/login.defs_ (*ENV_PATH*, *ENV_SUPATH* or *ENV_ROOTPATH* variables), or defaults to _/usr/local/bin:/bin:/usr/bin_ for a regular user and to _/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin_ for root. + -The environment variable *PATH* may be different on systems where _/bin_ and _/sbin_ are merged into _/usr_. The environment variable *SHELL* defaults to */bin/sh* if none is given in the user's passwd entry. +The environment variable *PATH* may be different on systems where _/bin_ and _/sbin_ are merged into _/usr_. include::man-common/help-version.adoc[] diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c index 433db6031..2fcf78add 100644 --- a/sys-utils/setpriv.c +++ b/sys-utils/setpriv.c @@ -46,6 +46,8 @@ #include "setpriv-landlock.h" #include "seccomp.h" +#include "logindefs.h" + #ifndef PR_SET_NO_NEW_PRIVS # define PR_SET_NO_NEW_PRIVS 38 #endif 
@@ -744,10 +746,7 @@ static void do_reset_environ(struct passwd *pw)
 xsetenv("USER", pw->pw_name, 1);
 xsetenv("LOGNAME", pw->pw_name, 1);
- if (pw->pw_uid)
- xsetenv("PATH", _PATH_DEFPATH, 1);
- else
- xsetenv("PATH", _PATH_DEFPATH_ROOT, 1);
+ logindefs_setenv_path(pw->pw_uid);
 }
 static uid_t get_user(const char *s, const char *err)
--
2.47.2
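Review bot: The result of `logindefs_setenv_path(pw->pw_uid)` is discarded at the end of do_reset_environ(), while the `xsetenv()` calls it replaces were, judging by the x-prefixed helper name, fatal on failure. The helper's prototype is not shown in this patch; if it returns a status, a failed setenv would let setpriv carry on with the environment cleared and PATH unset, leaving command lookup for the target program to the C library's built-in default. Checking the result keeps the old fail-closed behaviour: `if (logindefs_setenv_path(pw->pw_uid) != 0) err(EXIT_FAILURE, _("failed to set the %s environment variable"), "PATH");`, using whatever exit code setpriv.c uses for its other setup errors. A one-line comment above the call, such as `/* PATH comes from /etc/login.defs (ENV_PATH, ENV_SUPATH or ENV_ROOTPATH), else the built-in defaults */`, would also help, since PATH now depends on a configuration file rather than a compile-time constant. The body of do_reset_environ() starts before this hunk.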