
lsmod path hardcoded in v4l/Makefile

Message ID 200906221636.25006.zzam@gentoo.org (mailing list archive)
State Changes Requested
Delegated to: Mauro Carvalho Chehab

Commit Message

Matthias Schwarzott June 22, 2009, 2:36 p.m. UTC
Hi list!

It seems the path to lsmod tool is hardcoded in the Makefile for out-of-tree 
building of v4l-dvb.
Now at least gentoo has moved lsmod from /sbin to /bin.
Additionally it is bad style (or at least I am told so), to not rely on $PATH 
but hardcode paths for tools that should be in $PATH.

So the attached patch removes the hardcoded /sbin from the lsmod call.

Signed-off-by: Matthias Schwarzott <zzam@gentoo.org>

Regards
Matthias

Comments

Andy Walls June 22, 2009, 10:42 p.m. UTC | #1
On Mon, 2009-06-22 at 16:36 +0200, Matthias Schwarzott wrote:
> Hi list!
> 
> It seems the path to lsmod tool is hardcoded in the Makefile for out-of-tree 
> building of v4l-dvb.
> Now at least gentoo has moved lsmod from /sbin to /bin.
> Additionally it is bad style (or at least I am told so), to not rely on $PATH 
> but hardcode paths for tools that should be in $PATH.

It's a potential security hole to rely on $PATH instead of absolute
paths when running a command as root.

Since many of the commands in the Makefile rely on $PATH, including
executions of 'install' which usually would be run as root, I suppose
security concerns don't matter.

-Andy

> So the attached patch removes the hardcoded /sbin from the lsmod call.
> 
> Signed-off-by: Matthias Schwarzott <zzam@gentoo.org>
> 
> Regards
> Matthias

--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Trent Piepho June 22, 2009, 11:01 p.m. UTC | #2
On Mon, 22 Jun 2009, Andy Walls wrote:
> On Mon, 2009-06-22 at 16:36 +0200, Matthias Schwarzott wrote:
> > Hi list!
> >
> > It seems the path to lsmod tool is hardcoded in the Makefile for out-of-tree
> > building of v4l-dvb.
> > Now at least gentoo has moved lsmod from /sbin to /bin.

Won't your patch cause breakage for everyone who hasn't moved lsmod from
/sbin and doesn't have sbin in the path?  Which was, and perhaps still is,
the most common situation?  It would be better to do something that does
not break things that used to work.

> > Additionally it is bad style (or at least I am told so), to not rely on $PATH
> > but hardcode paths for tools that should be in $PATH.
>
> It's a potential security hole to rely on $PATH instead of absolute
> paths when running a command as root.
>
> Since many of the commands in the Makefile rely on $PATH, including
> executions of 'install' which usually would be run as root, I suppose
> security concerns don't matter.
>
> -Andy
>
> > So the attached patch removes the hardcoded /sbin from the lsmod call.
> >
> > Signed-off-by: Matthias Schwarzott <zzam@gentoo.org>
> >
> > Regards
> > Matthias
>
kilgota@banach.math.auburn.edu June 22, 2009, 11:39 p.m. UTC | #3
On Mon, 22 Jun 2009, Andy Walls wrote:

> On Mon, 2009-06-22 at 16:36 +0200, Matthias Schwarzott wrote:
>> Hi list!
>>
>> It seems the path to lsmod tool is hardcoded in the Makefile for out-of-tree
>> building of v4l-dvb.
>> Now at least gentoo has moved lsmod from /sbin to /bin.

Sorry, but is it considered impertinent to ask why that lsmod should be 
moved from /sbin (system binaries, and lsmod certainly is one of those) 
and stick it into /bin instead? Is there any cogent reason for doing a 
thing like that, which may have escaped my attention? Unless one is making 
some very small distro for some very small hardware and (say) one of /bin 
and /sbin is symlinked to the other, I find a change like that to be 
extremely puzzling. So, really. Why?

Theodore Kilgore
Matthias Schwarzott June 23, 2009, 7:50 a.m. UTC | #4
On Tuesday, 23 June 2009, Andy Walls wrote:
> On Mon, 2009-06-22 at 16:36 +0200, Matthias Schwarzott wrote:
> > Hi list!
> >
> > It seems the path to lsmod tool is hardcoded in the Makefile for
> > out-of-tree building of v4l-dvb.
> > Now at least gentoo has moved lsmod from /sbin to /bin.
> > Additionally it is bad style (or at least I am told so), to not rely on
> > $PATH but hardcode paths for tools that should be in $PATH.
>
> It's a potential security hole to rely on $PATH instead of absolute
> paths when running a command as root.

Shouldn't $PATH of root be considered safe? Else the distro or the system 
setup is doing something worse, and can't be improved by using fixed paths 
in some scripts and Makefiles.

Regards
Matthias
Matthias Schwarzott June 23, 2009, 7:51 a.m. UTC | #5
On Tuesday, 23 June 2009, Trent Piepho wrote:
> On Mon, 22 Jun 2009, Andy Walls wrote:
> > On Mon, 2009-06-22 at 16:36 +0200, Matthias Schwarzott wrote:
> > > Hi list!
> > >
> > > It seems the path to lsmod tool is hardcoded in the Makefile for
> > > out-of-tree building of v4l-dvb.
> > > Now at least gentoo has moved lsmod from /sbin to /bin.
>
> Won't your patch cause breakage for everyone who hasn't moved lsmod from
> /sbin and doesn't have sbin in the path?  Which was, and perhaps still is,
> the most common situation?  It would be better to do something that does
> not break things that used to work.

root without sbin in path is bad and broken, isn't it?
If you really think this is too common, we could add
PATH=/sbin:/bin:$PATH
at the start of the Makefile.

Regards
Matthias
Matthias Schwarzott June 23, 2009, 8:24 a.m. UTC | #6
On Tuesday, 23 June 2009, Theodore Kilgore wrote:
> On Mon, 22 Jun 2009, Andy Walls wrote:
> > On Mon, 2009-06-22 at 16:36 +0200, Matthias Schwarzott wrote:
> >> Hi list!
> >>
> >> It seems the path to lsmod tool is hardcoded in the Makefile for
> >> out-of-tree building of v4l-dvb.
> >> Now at least gentoo has moved lsmod from /sbin to /bin.
>
> Sorry, but is it considered impertinent to ask why that lsmod should be
> moved from /sbin (system binaries, and lsmod certainly is one of those)
> and stick it into /bin instead? Is there any cogent reason for doing a

/sbin are binaries that only root should use. But lsmod can be used by users, 
too.
Suse also has only /bin/lsmod I think.
I don't know too much about the reason for the move, but it was long ago - 
version 0.9.11 contained that move and was released around year 2003.
Gentoo ebuild added /sbin/lsmod as compat symlink for things still hardcoding 
the path, but that was removed 2009 - 6 years should be enough.

> thing like that, which may have escaped my attention? Unless one is making
> some very small distro for some very small hardware and (say) one of /bin
> and /sbin is symlinked to the other, I find a change like that to be
> extremely puzzling. So, really. Why?
For a real answer to "why", do ask module-init-tools maintainer.

Regards
Matthias
Trent Piepho June 23, 2009, 7:29 p.m. UTC | #7
On Tue, 23 Jun 2009, Matthias Schwarzott wrote:
> > On Mon, 2009-06-22 at 16:36 +0200, Matthias Schwarzott wrote:
> > > It seems the path to lsmod tool is hardcoded in the Makefile for
> > > out-of-tree building of v4l-dvb.
> >
> Shouldn't $PATH of root be considered safe? Else the distro or the system

I believe make will set the variable whenever the makefile is used, even
when building as non-root.

It turns out that it was just lsmod with no path originally, but Michael
Krufky changed it back in 2005 (commit b0e7b40744ef) to have a hardcoded
path.  Then later in commit c91e7f84a1d6 the only use of 'v4l_modules' was
deleted, so we can just delete this line and not worry about sbin and
paths.

Mauro,

Please pull from http://linuxtv.org/hg/~tap/fix

for the following changeset:

build: Remove module list cruft
http://linuxtv.org/hg/~tap/fix?cmd=changeset;node=fb228bb1ad9f
Matthias Schwarzott July 21, 2009, 7:14 a.m. UTC | #8
On Tuesday, 23 June 2009, Trent Piepho wrote:
> On Tue, 23 Jun 2009, Matthias Schwarzott wrote:
> > > On Mon, 2009-06-22 at 16:36 +0200, Matthias Schwarzott wrote:
> > > > It seems the path to lsmod tool is hardcoded in the Makefile for
> > > > out-of-tree building of v4l-dvb.
> >
> > Shouldn't $PATH of root be considered safe? Else the distro or the system
>
> I believe make will set the variable whenever the makefile is used, even
> when building as non-root.
>
> It turns out that it was just lsmod with no path originally, but Michael
> Krufky changed it back in 2005 (commit b0e7b40744ef) to have a hardcoded
> path.  Then later in commit c91e7f84a1d6 the only use of 'v4l_modules' was
> deleted, so we can just delete this line and not worry about sbin and
> paths.
>
> Mauro,
>
> Please pull from http://linuxtv.org/hg/~tap/fix
>
> for the following changeset:
>
> build: Remove module list cruft
> http://linuxtv.org/hg/~tap/fix?cmd=changeset;node=fb228bb1ad9f

Hi Mauro!

is there any reason to not pull this besides time?

Regards
Matthias
Mauro Carvalho Chehab July 28, 2009, 1:07 a.m. UTC | #9
On Tue, 21 Jul 2009 09:14:36 +0200
Matthias Schwarzott <zzam@gentoo.org> wrote:

 
> Hi Mauro!
> 
> is there any reason to not pull this besides time?

Time is one reason, however, there's another:

It is not a good idea to run as root. Most people compile everything
with a normal user and then use "sudo" command to install/remove/insert
modules. Unfortunately, depending on the distribution, sudo inherits PATH from
the normal user, instead of root. Due to that, if you replace it for just
lsmod, it will fail for people that don't use gentoo.

Maybe a good solution is to test if lsmod (and other similar tools) are at /sbin
or /usr/sbin.

Alternatively, we can try to replace lsmod by something like (untested):

v4l_modules := $(shell PATH=$$PATH:/usr/local/sbin:/usr/sbin:/sbin lsmod|cut -d' ' -f1 ) $(patsubst %.ko,%,$(inst-m))

> 
> Regards
> Matthias

Cheers,
Mauro
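
One way to implement the check suggested above (look for lsmod in the system directories rather than trusting a PATH that sudo may have inherited), as an added example that is not part of the thread or the v4l-dvb tree. The names `resolve_tool`, `is_safe`, `TRUSTED_DIRS` and `TRUSTED_UID` are hypothetical, and only the tool and its immediate directory are checked, not parent directories.

```shell
#!/bin/sh
# Added example, not from the thread: resolve a tool from a fixed list of
# system directories, ignoring the caller's $PATH (which sudo may inherit).
# TRUSTED_DIRS, TRUSTED_UID, is_safe and resolve_tool are hypothetical names.

TRUSTED_DIRS="${TRUSTED_DIRS:-/sbin /usr/sbin /bin /usr/bin}"
TRUSTED_UID="${TRUSTED_UID:-0}"   # expected owner of tool and directory

# True if $1 (symlinks followed) is owned by TRUSTED_UID and is not writable
# by group or others, i.e. only the trusted owner can replace it.
is_safe() {
    [ -n "$(find -H "$1" -prune -user "$TRUSTED_UID" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Print the absolute path of tool $1 from the first trusted directory that
# holds a safe, executable copy. Returns 1 if none, 2 if $1 is not a bare name.
resolve_tool() {
    tool=$1
    case $tool in
        ''|*/*) return 2 ;;
    esac
    for dir in $TRUSTED_DIRS; do
        cand=$dir/$tool
        if [ -f "$cand" ] && [ -x "$cand" ] &&
           is_safe "$dir" && is_safe "$cand"; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1
}

# Usage: run the resolved absolute path instead of a bare "lsmod".
if LSMOD=$(resolve_tool lsmod); then
    echo "using $LSMOD"
else
    echo "lsmod not found in a trusted directory" >&2
fi
```
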
Trent Piepho July 28, 2009, 7:30 a.m. UTC | #10
On Mon, 27 Jul 2009, Mauro Carvalho Chehab wrote:
> On Tue, 21 Jul 2009 09:14:36 +0200
> Matthias Schwarzott <zzam@gentoo.org> wrote:
> It is not a good idea to run as root. Most people compile everything
> with a normal user and then use "sudo" command to install/remove/insert
> modules. Unfortunately, depending on the distribution, sudo inherits PATH from
> the normal user, instead of root. Due to that, if you replace it for just
> lsmod, it will fail for people that don't use gentoo.
>
> Maybe a good solution is to test if lsmod (and other similar tools) are at /sbin
> or /usr/sbin.
>
> Alternatively, we can try to replace lsmod by something like (untested):
>
> v4l_modules := $(shell PATH=$$PATH:/usr/local/sbin:/usr/sbin:/sbin lsmod|cut -d' ' -f1 ) $(patsubst %.ko,%,$(inst-m))

Check my patch again, we can just delete the v4l_modules line as nothing
uses it.

Patch

diff -r 65ec132f20df v4l/Makefile
--- a/v4l/Makefile	Wed May 27 15:53:00 2009 -0300
+++ b/v4l/Makefile	Thu May 28 10:05:04 2009 +0200
@@ -196,7 +196,7 @@ 
   inst-m	:= $(obj-m)
 endif
 
-v4l_modules := $(shell /sbin/lsmod|cut -d' ' -f1 ) $(patsubst %.ko,%,$(inst-m))
+v4l_modules := $(shell lsmod|cut -d' ' -f1 ) $(patsubst %.ko,%,$(inst-m))
 
 #################################################
 # locales seem to cause trouble sometimes.
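
Review bot: On the `+v4l_modules := $(shell lsmod|cut ...)` line, the bare `lsmod` is resolved through the PATH of whoever invokes make, and make does not stop when a `$(shell ...)` command fails, so on a system where lsmod lives in /sbin and sbin is not on PATH (for example under a sudo that keeps the user's PATH) the loaded-module part of `v4l_modules` silently becomes empty. Either probe the known locations (/sbin, /usr/sbin, /bin) and use the absolute path that exists, or, since reply #7 reports that the only use of `v4l_modules` was already deleted, drop the assignment entirely rather than changing how lsmod is found.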