[packagekit] PATH missing in backends
Richard Hughes
hughsient at gmail.com
Mon Jan 7 10:12:42 PST 2008
On Mon, 2008-01-07 at 14:03 +0000, Thomas Wood wrote:
> > IIRC, all the env vars are unset by pk_spawn for security's sake.
> I guess that sort of makes sense, but unfortunately I have just
> discovered the reason Ipkg needs PATH is because it spawns wget to
> download packages...
Well, in src/pk-main.c we do clearenv - we don't need to - but it
prevents packagekitd being run differently when being run system
activated and when being run manually.
In src/pk-spawn.c we do a g_spawn_async_with_pipes with no environment,
which Ken is correct is for security. This is the sort of security from
the "I don't know what is unsafe, so pass nothing" school, and can
certainly be improved by someone who knows better than me.
It would certainly be valid to preserve PATH, but the question is why
you would want to. Why goes wget rely on PATH?
Cheers,
Richard.
More information about the PackageKit
mailing list