From pst@jnx.com  Fri Feb 14 09:42:43 1997
Received: from red.jnx.com (red.jnx.com [208.197.169.254])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA18041
          for <FreeBSD-gnats-submit@freebsd.org>; Fri, 14 Feb 1997 09:42:42 -0800 (PST)
Received: from base.jnx.com (base.jnx.com [208.197.169.238]) by red.jnx.com (8.8.5/8.8.3) with ESMTP id JAA19689 for <FreeBSD-gnats-submit@freebsd.org>; Fri, 14 Feb 1997 09:42:11 -0800 (PST)
Received: (from pst@localhost) by base.jnx.com (8.7.6/8.7.3) id JAA16017; Fri, 14 Feb 1997 09:42:05 -0800 (PST)
Message-Id: <199702141742.JAA16017@base.jnx.com>
Date: Fri, 14 Feb 1997 09:42:05 -0800 (PST)
From: Paul Traina <pst@jnx.com>
Reply-To: pst@jnx.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: pkg_* uses relative paths to executables
X-Send-Pr-Version: 3.2

>Number:         2734
>Category:       bin
>Synopsis:       pkg_* uses relative paths to executables
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    jkh
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 14 09:50:01 PST 1997
>Closed-Date:    Mon Sep 7 20:15:56 PDT 1998
>Last-Modified:  Mon Sep  7 20:28:56 PDT 1998
>Originator:     Paul Traina
>Release:        FreeBSD 2.2-CURRENT i386
>Organization:
Juniper Networks
>Environment:

2.2

>Description:

Relative paths are used throughout pkg_* to spawn executables.  This
should probably be changed (I'm not going to mention the security
implications, because using system is inherantly insecure...actually
I will...)

>How-To-Repeat:

If you try to install something with pkg_add, and /usr/sbin isn't in your
path, it won't find chown.

>Fix:

Actually, the easiest fix (and best fix) would be to modify PATH at
the start to include all dependant locations.  While we're in there,
fixing IFS might also make sense from a security standpoint.
	

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->jkh 
Responsible-Changed-By: pst 
Responsible-Changed-When: Fri Feb 14 09:53:02 PST 1997 
Responsible-Changed-Why:  
Package is jordan's 
State-Changed-From-To: open->closed 
State-Changed-By: jkh 
State-Changed-When: Mon Sep 7 20:15:56 PDT 1998 
State-Changed-Why:  
Suggested fix made, thanks. 
>Unformatted:
