Bug 939157

Summary: app-admin/sudo: PATH values from profile.env may be ignored in merge-usr
Product: Gentoo Linux
Reporter: konsolebox <konsolebox>
Component: Current packages
Assignee: Gentoo's Team for Core System packages <base-system>
Status: UNCONFIRMED ---
Severity: normal
CC: gentoo, konsolebox
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 690294

Description konsolebox 2024-09-06 05:14:24 UTC
PATH may be ignored here:

```
set_secure_path() {
	# First extract the default ROOTPATH from build env
	SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")

	case "${SECURE_PATH}" in
		*/usr/sbin*)
			;;
		*)
			SECURE_PATH=$(unset PATH; . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
			;;
	esac

	if [[ -z ${SECURE_PATH} ]] ; then
		ewarn "	Failed to detect SECURE_PATH, please report this"
	fi
```
Because sys-apps/baselayout strips /usr/sbin and /sbin:
```
src_prepare() {
	default

	# don't want symlinked directories in PATH on systems with usr-merge
	if ! use split-usr && ! use prefix-guest; then
		sed \
			-e 's|:/usr/sbin:|:|g' \
			-e 's|:/sbin:|:|g' \
			-e 's|:/bin:|:|g' \
			-i etc/env.d/50baselayout || die
	fi
```

Reproducible: Always
Comment 1 Mike Gilbert gentoo-dev 2024-09-07 14:38:57 UTC
I'm not sure what you are trying to say here. Please restate.
Comment 2 konsolebox 2024-09-08 03:07:40 UTC
I got a bit confused. It's not PATH that's ignored here but ROOTPATH.

For the sake of explanation, the relevant code can be simplified to:

```
SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")

if [[ ${SECURE_PATH} != */usr/sbin/* ]]; then
	SECURE_PATH=$(unset PATH; . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
fi
```

In a merge-usr system, `[[ ${SECURE_PATH} != */usr/sbin/* ]]` is always false and ROOTPATH is never used.  That's the issue.

The src_prepare snippet I gave is part of a sys-apps/baselayout ebuild. It strips /usr/sbin and /sbin from the generated values saved in /etc/env.d/50baselayout, which includes values of ROOTPATH and PATH, when the system is not split-usr.

I hope I elaborated enough.
Comment 3 konsolebox 2024-09-08 03:10:00 UTC
I mean `[[ ${SECURE_PATH} != */usr/sbin/* ]]` is always true, sorry.  Already negated.
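
A reproduction of the behaviour described in comments 2 and 3, added here as an example (it is not part of the bug report or of either ebuild). It applies the quoted baselayout `sed` expressions to a constructed profile.env and runs the quoted `set_secure_path()` detection on both variants; the function names and the PATH/ROOTPATH values are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. The PATH/ROOTPATH values below are constructed samples,
# not copied from a real /etc/profile.env. Function names are hypothetical.

write_split_env() {  # $1 = output file (split-usr style values)
	cat > "$1" <<'EOF'
export PATH='/usr/local/bin:/usr/bin:/bin:/opt/bin'
export ROOTPATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin'
EOF
}

# Same sed expressions as the baselayout src_prepare() quoted in the report.
strip_merged_dirs() {  # $1 = input file, $2 = output file
	sed -e 's|:/usr/sbin:|:|g' -e 's|:/sbin:|:|g' -e 's|:/bin:|:|g' "$1" > "$2"
}

# Detection logic of set_secure_path() as quoted in the report.
detect_secure_path() {  # $1 = path to a profile.env (must contain a slash)
	secure_path=$(unset ROOTPATH; . "$1"; echo "${ROOTPATH}")
	case "${secure_path}" in
		*/usr/sbin*) ;;
		*) secure_path=$(unset PATH; . "$1"; echo "${PATH}") ;;
	esac
	echo "${secure_path}"
}

# Reports which variable the detected value came from: ROOTPATH or PATH.
secure_path_source() {  # $1 = path to a profile.env
	rootpath=$(unset ROOTPATH; . "$1"; echo "${ROOTPATH}")
	if [ "$(detect_secure_path "$1")" = "${rootpath}" ]; then
		echo ROOTPATH
	else
		echo PATH
	fi
}

demo() {
	dir=$(mktemp -d) || return 1
	write_split_env "${dir}/split.env"
	strip_merged_dirs "${dir}/split.env" "${dir}/merged.env"
	for f in split merged; do
		printf '%s: from %s -> %s\n' "$f" \
			"$(secure_path_source "${dir}/${f}.env")" \
			"$(detect_secure_path "${dir}/${f}.env")"
	done
	rm -rf "${dir}"
}
demo
```

With these sample values the stripped ROOTPATH still contains `/usr/local/sbin`, but because it no longer contains `/usr/sbin` the detection falls back to PATH and that entry is absent from the result.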
Comment 4 Matt Whitlock 2024-09-08 13:33:51 UTC
I thought ROOTPATH had been deprecated a long time ago since it was decided at some point that dividing binaries between "bin" and "sbin" is too arbitrary, which is also why merged-usr merges those directories as well. In other words, sudo shouldn't need to use ROOTPATH anyway.