cgi-bin-luci: set explicit PATH when run as CGI #1048
Conversation
|
Did you intentionally select a different PATH contents Reference to:
That may lead to unexpected results, as PATH is used to set precedence among co-existing variants of some tools (e.g. full wget before busybox wget etc.). |
github: fixes openwrt#1922 Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
gstrauss
force-pushed
the
feature_set_PATH_for_CGI
branch
from
7426246
to
be6d232
Compare
|
No, the difference in PATH is not intentional. I just fixed it to match and force-pushed an update to the pull request. Thanks for catching that. |
|
@jow- |
|
@jow- ping. Would you please take a look at this for hnyman and provide feedback? Thank you. |
|
@jow- I believe you included patches in openwrt/packages#1922 which addressed the underlying reason for this request, but still think it is good practice to explicitly set PATH for a script expected to run with root privileges. |
|
@jow- I believe you included patches in openwrt/packages#1922 which addressed the underlying reason for this request, but still think it is good practice to explicitly set PATH for a script expected to run with root privileges. |
| @@ -1,4 +1,10 @@ | |||
| #!/usr/bin/lua | |||
| #!/bin/sh | |||
There was a problem hiding this comment.
Out of my experience, but it looks a bit strange to me that the shebang is changed from lua to sh, when the majority of the code below is still lua.
There was a problem hiding this comment.
@hnyman: The shell script sets the PATH and then invokes lua. It is written as valid lua code. To my knowledge, it is not possible to set PATH in lua. This pull request is a portable way to do so for many/all versions of lua.
|
I do not like the path override here, especially as it does not adhere to the value of the Since the underlying issue is closed and since CGI does not guarantee a sane |
avoid strange behavior with execvp() when PATH is not set in environment (in which case confstr(_CS_PATH) should return something reasonable) reproducable running openwrt 15.05 and 15.05.1 and attempting to install a software package (e.g. libuuid) via LuCI (prior to openwrt/luci#1048). (openwrt/luci#1048) libuuid.postinst fails with status 255 on 15.05 and opkg segfaults in 15.05.1. This probably merits further exploration. Originally reported in openwrt/packages#1922 Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
cgi-bin-luci: set explicit PATH when run as CGI
github: fixes #1922
Signed-off-by: Glenn Strauss gstrauss@gluelogic.com