On 12/02/12 20:52, Robert Millan wrote: > I recently applied this patch in mount to support /usr/sbin helpers: > > http://anonscm.debian.org/viewvc/glibc-bsd/trunk/freebsd-utils/debian/patches/044_mount_exec.diff?revision=4047&view=markup > > could you try rebuilding freebsd-utils without it?
Hi, I tested that /lib/freebsd/mount (for which /bin/mount is wrapper script) does accept a user-specified PATH when looking for a helper to execute. But fortunately it is not setuid (at least on my own Squeeze installation). If anyone allows the use of sudo for /bin/mount, that should reset the environment to something sane, so they should not be at risk. > If this patch is the problem, we could use execvP() instead (like upstream > did). I see that upstream previously searched /sbin then /usr/sbin, before rewriting it to use execvP with _PATH_SYSPATH which is "/rescue:/sbin:/usr/sbin". Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bsd-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f382cdb.40...@pyro.eu.org
