90captive_portal_test: drop insecure PATH elements #39

Open
decathorpe opened this Issue Oct 17, 2018 · 0 comments

decathorpe commented Oct 17, 2018

The Fedora package security check complains about this:

   "code" : "SuspiciousPath",
   "context" : {
      "excerpt" : [
         "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
      ],
      "path" : "/etc/NetworkManager/dispatcher.d/90captive_portal_test"
   },
   "diag" : "Potentially insecure PATH element <tt>/local</tt>",
   "subpackage" : "elementary-capnet-assist"

I think that means it wants /usr/local/sbin and /usr/local/bin removed from the PATH variable.

I guess those PATH entries are there because they are / were useful for testing or debugging ... but for release builds, they should be dropped.
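
A static check in the spirit of the report above, as an added example that is not part of the issue or of capnet-assist: it lists the PATH elements a script assigns that fall outside /usr/sbin, /usr/bin, /sbin and /bin. The trusted set, the function names and the sample script are assumptions made here, not the Fedora check's actual rules.

```shell
#!/bin/sh
# Added example, not capnet-assist code. Assumption: only the four system
# directories below count as trusted; the real check's rules may differ.

# Print "LINE:ELEMENT" for each PATH element in file $1 outside the trusted set.
suspicious_path_elements() {
    awk '
    /^[ \t]*(export[ \t]+)?PATH=/ {
        value = $0
        sub(/^[^=]*=/, "", value)        # keep only the assigned value
        gsub(/["\047]/, "", value)       # drop double and single quotes
        n = split(value, elems, ":")
        for (i = 1; i <= n; i++) {
            e = elems[i]
            if (e == "/usr/sbin" || e == "/usr/bin" || e == "/sbin" || e == "/bin")
                continue
            # An inherited $PATH cannot be judged statically; skip it.
            if (e ~ /^\$/)
                continue
            # An empty element makes the shell search the current directory.
            printf "%d:%s\n", NR, (e == "" ? "<empty>" : e)
        }
    }' "$1"
}

# Exit status 0 when the script has no untrusted PATH elements.
path_is_clean() {
    [ -z "$(suspicious_path_elements "$1")" ]
}

# Constructed sample: a dispatcher-style script using the PATH line quoted
# in the report above.
demo() {
    sample=$(mktemp)
    printf '%s\n' '#!/bin/sh' \
        'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
        'echo "interface: $1 action: $2"' > "$sample"
    suspicious_path_elements "$sample"
    rm -f "$sample"
}

demo
```

The check only reads single-line `PATH=` assignments; values built up across several lines or followed by other commands on the same line are outside what it parses.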



CameronNemo added a commit to CameronNemo/capnet-assist that referenced this issue Oct 18, 2018

Rewrite nm-dispatcher script:
* No longer redefine path (closes elementary#39)
* Detect captive portal in-script
* Wait for gnome-session rather than nm-applet
* Timeout after 90s of waiting
* Switch from su to runuser

@CameronNemo CameronNemo referenced a pull request that will close this issue Oct 18, 2018

Open

Rewrite nm-dispatcher script #40
