[Adduser-devel] Bug#214546: adduser complains about insecure PATH setting when running setuid

Christoph Berg myon at debian.org
Thu Jun 28 21:00:25 UTC 2007

found 214546 3.103

Re: Joerg Hoh 2007-06-24 <200706241150.14134.joerg at joerghoh.de>
> Since the rewrite some time ago (and the introduction of "use strict") the 
> usage of the perl security features in adduser has been improved. Is this 
> problem still valid? 

Just tried it, still doesn't work:

$ tail -1 /etc/super.tab 
adduser /usr/sbin/adduser cb env=PATH

$ super adduser foo
Adding user `foo' ...
Adding new group `foo' (1012) ...
Insecure $ENV{PATH} while running setuid at
/usr/share/perl5/Debian/AdduserCommon.pm line 161.

[exit 2]

cb at df7cb.de | http://www.df7cb.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070628/3535ab4e/attachment.pgp 

More information about the Adduser-devel mailing list