bug#31814: setuid programs are not first in PATH

[Clément Lassieur]

Hello Ludovic,

Ludovic Courtès <address@hidden> writes:

> Hello Clément,
>
> Clément Lassieur <address@hidden> skribis:
>
>> sourcing /etc/profile
>>
>> - prepends /run/setuid-programs to $PATH
>> - then sources $HOME/.guix-profile/etc/profile
>>
>> and sourcing $HOME/.guix-profile/etc/profile
>>
>> - prepends $HOME/.guix-profile/bin to $PATH
>> - prepends $HOME/.guix-profile/sbin to $PATH
>>
>> so in the end, $PATH looks like:
>>
>> ~/.config/guix/current/bin:~/.guix-profile/bin:~/.guix-profile/sbin:/run/setuid-programs:...
>>
>> and a command like 'ping' is found in ~/.guix-profile/bin, which makes
>> it unusable.
>
> AFAICS this is not a regression, but it can be fixed this way:

No it's not a regression.  I've had the fix locally for a long time.

> diff --git a/gnu/system.scm b/gnu/system.scm
> index 7cb12a827..d367307a2 100644
> --- a/gnu/system.scm
> +++ b/gnu/system.scm
> @@ -616,9 +616,6 @@ unset PATH
>  GUIX_PROFILE=/run/current-system/profile ; \\
>  . /run/current-system/profile/etc/profile
>  
> -# Prepend setuid programs.
> -export PATH=/run/setuid-programs:$PATH
> -
>  # Since 'lshd' does not use pam_env, /etc/environment must be explicitly
>  # loaded when someone logs in via SSH.  See <http://bugs.gnu.org/22175>.
>  # We need 'PATH' to be defined here, for 'cat' and 'cut'.  Do this before
> @@ -645,6 +642,9 @@ do
>    fi
>  done
>  
> +# Prepend setuid programs.
> +export PATH=/run/setuid-programs:$PATH
> +
>  # Arrange so that ~/.config/guix/current/share/info comes first.
>  export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"

Yes this sounds good.

> In the example you give (inetutils), I suppose users want
> /run/setuid-programs/ping to come first.  I wonder if there are
> situations where the current behavior is desirable; maybe not.
>
> Thoughts?

I can't think of any situations where the current behavior is desirable.

Thank you,
Clément