
Re: usrmerge breaks POSIX



Thorsten Glaser <tg@mirbsd.de> writes:
> I said that…
>> Russ Allbery said:

>>> My guess is that pkexec is calling realpath to canonicalize the path
>>> before checking for it in /etc/shells, although I have not confirmed
>>> this.

>> Now that would be weird and should be fixed…

> Another question that probably should be answered first is why
> pkexec (whatever that is) checks against /etc/shells and if that’s
> correct.

Okay, I have done more research.  My speculation that pkexec might use
realpath was wrong.  It does only check the contents of the SHELL
environment variable.  See:

https://gitlab.freedesktop.org/polkit/polkit/-/blob/master/src/programs/pkexec.c?ref_type=heads#L343
https://gitlab.freedesktop.org/polkit/polkit/-/blob/master/src/programs/pkexec.c?ref_type=heads#L405

It does check whether $SHELL is found in /etc/shells.  So your question
about what is setting the $SHELL variable is a good one, although I think
I would still argue that it's not the most effective way to solve the
issue.

> I’d be really appreciative if I did not have to add extra nōn-canonical
> paths to /etc/shells for bugs in unrelated software.

I understand the appeal of that stance, but the problem with it is that
there is no enforcement of this definition of canonical.  I know that you
consider /bin/mksh to be the correct path, but /usr/bin/mksh is also
present and works exactly the same.  chsh will prevent unprivileged users
from changing their shell to the /usr/bin path because of /etc/shells, but
not if someone makes that change as root.  Also, I'm not sure useradd
cares, or possibly other ways of adding a user with a shell (Puppet, for
instance).  Or, for that matter, just editing /etc/passwd as root, which I
admit is how I usually set the shells of users because I've been using
UNIX for too long.

Having only the /bin paths is fragile because it creates an expectation
that every user who sets the shell is going to know that /bin/mksh is the
correct path and /usr/bin/mksh is the wrong path and will not use the
latter.  I'm not sure how they're supposed to receive this information; I
don't think it's going to be obvious to everyone who may be involved in
setting the shell.  We can tell everyone who ends up with /usr/bin/mksh
that they need to change it to /bin/mksh, but this seems kind of tedious
and annoying, and I'm not seeing the downside to registering both paths.

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>
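
An added example, not part of the original message and not polkit's code: an audit that finds accounts whose login shell is missing from /etc/shells only because the other merged-/usr spelling is the one registered. It assumes the lookup is an exact string match with no canonicalization, and the sample passwd and shells contents are constructed.

```python
import posixpath

# Constructed sample data, not taken from a real system.
SAMPLE_SHELLS = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/bash
/bin/mksh
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/mksh
bob:x:1001:1001::/home/bob:/usr/bin/mksh
carol:x:1002:1002::/home/carol:/usr/bin/bash
dave:x:1003:1003::/home/dave:/opt/shells/custom
daemon:x:1:1::/usr/sbin:/usr/sbin/nologin
"""

NON_LOGIN = {"nologin", "false"}  # accounts that are not meant to log in
ALIASES = {"/bin/": "/usr/bin/", "/sbin/": "/usr/sbin/"}  # merged-/usr pairs

def parse_shells(text):
    """Return the set of paths in /etc/shells, skipping comments and blanks."""
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

def merged_alias(path):
    """Return the other spelling of a path on a merged-/usr system, or None."""
    for short, long in ALIASES.items():
        if path.startswith(long):
            return short + path[len(long):]
        if path.startswith(short):
            return long + path[len(short):]
    return None

def audit(passwd_text, shells_text):
    """List (user, shell, status) for login shells an exact match would reject."""
    listed = parse_shells(shells_text)
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or line.startswith("#"):
            continue
        user, shell = fields[0], fields[6] or "/bin/sh"  # empty field means /bin/sh
        if posixpath.basename(shell) in NON_LOGIN or shell in listed:
            continue
        status = "alias-only" if merged_alias(shell) in listed else "unlisted"
        findings.append((user, shell, status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_SHELLS):
        print(*finding)
```

An "alias-only" finding is the case discussed above: the shell works, but only the other path is registered, so either the account or /etc/shells has to change.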

