envpaths(4)


envpaths -- paths permitted in environment variables

Description

The file /etc/default/envpaths contains a list of environment variables and paths that these variables are permitted to contain when a utility that uses these variables is invoked by a privileged process.

Applications or shell scripts that obtain privilege (such as setuid-on-exec and setgid-on-exec scripts) and that use their own message catalogs may fail because of the method the kernel uses to evaluate environment variables containing pathnames:

  1. The values of pathname-producing environment variables are checked by the kernel according to a set of internal rules. The locale-related environment variables (such as NLSPATH), LANG, and the LC_* variables (LC_ALL, LC_MESSAGES, etc.) are treated specially. If the contents of these variables contain no slashes, the contents are used as specified. In general for locale files, including catopen(3C) message catalogs used by privileged processes, the file must have at least 004 read permission (S_IROTH). The same is true for getdate(3C) and the DATEMSK variable. For LC_MESSAGES, a more restrictive rule is used: it doesn't matter whether the file is readable; if LC_MESSAGES contains a slash, the pathname is rejected.

  2. Next, the pathname generated is checked against the contents of the /etc/default/envpaths file, if one exists. If an entry in this file permits use of the portion of the file system tree used by the pathname, the pathname is permitted. The /etc/default/envpaths file has lines of the form:
       VARNAME:/some/path/name
    
    Each such line is interpreted to mean that, for environment variable VARNAME, any pathname in that variable that begins with /some/path/name is permitted. If no matching entry is found, the pathname is rejected. If there is no /etc/default/envpaths file, the following default lines are assumed:
       TZ:/etc/TZ
       TZ:/usr/lib/locale/TZ
       NLSPATH:/usr/lib/locale
       NLSPATH:/usr/lib/nls/msg
       NLSPATH:/usr/dt/lib/nls/msg
    

    If a pathname in an environment variable of a privileged process fails either of the above tests, the process is not permitted to use the pathname.

For example, if you have your own setuid-on-exec program that has its own message catalogs that are not found by the default built-in NLSPATH string and do not have at least 004 read permission, you'll need to make them readable and add an entry to /etc/default/envpaths pointing to the location of the message catalogs. The built-in NLSPATH string is:

   /usr/lib/locale/%L/LC_MESSAGES/%A/%N:/usr/lib/locale/%L/LC_MESSAGES/%A/%N.cat:/usr/lib/locale/C/LC_MESSAGES/%A/%N:/usr/lib/locale/C/LC_MESSAGES/%A/%N.cat

If /etc/default/envpaths does not exist and you create it, be sure to include the default four lines shown above, as otherwise many TZ and NLSPATH choices will be rejected.
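
The two tests described above can be modeled to audit an envpaths file before deploying it. This is an added example, not UnixWare code: the function names (load_entries, world_readable, path_permitted) are hypothetical, and it covers only the rules stated on this page, not the kernel's other internal rules. It assumes that "begins with" means a literal string prefix, that lines not of the VARNAME:/path form are ignored, and that the 004 check applies to every variable when check_mode is set.

```python
import os
import stat

# Defaults the page says are assumed when /etc/default/envpaths is absent.
DEFAULT_ENTRIES = [
    ("TZ", "/etc/TZ"), ("TZ", "/usr/lib/locale/TZ"),
    ("NLSPATH", "/usr/lib/locale"), ("NLSPATH", "/usr/lib/nls/msg"),
    ("NLSPATH", "/usr/dt/lib/nls/msg"),
]

def load_entries(envpaths_file="/etc/default/envpaths"):
    """Parse VARNAME:/some/path/name lines; use the defaults if the file is absent."""
    if not os.path.isfile(envpaths_file):
        return list(DEFAULT_ENTRIES)
    entries = []
    with open(envpaths_file) as fh:
        for line in fh:
            var, sep, prefix = line.strip().partition(":")
            if sep and var and prefix.startswith("/"):   # assumption: skip other lines
                entries.append((var, prefix))
    return entries

def world_readable(pathname):
    """True if the file exists and has the 004 (S_IROTH) bit set."""
    try:
        return bool(os.stat(pathname).st_mode & stat.S_IROTH)
    except OSError:
        return False

def path_permitted(var, pathname, entries, check_mode=True):
    """Model of both tests for one pathname held in one variable."""
    if "/" not in pathname:
        return True                      # no slash: used as specified
    if var == "LC_MESSAGES":
        return False                     # any slash is rejected, readable or not
    if check_mode and not world_readable(pathname):
        return False                     # test 1: needs at least 004 permission
    # Test 2: literal prefix match against entries for this variable (assumption).
    return any(v == var and pathname.startswith(p) for v, p in entries)

if __name__ == "__main__":
    rules = load_entries()               # falls back to the defaults if no file
    for var, p in [("NLSPATH", "/opt/app/msg/app.cat"), ("LANG", "C")]:  # constructed
        print(var, p, path_permitted(var, p, rules, check_mode=False))
```

Loading a newly created file that holds only an application's own NLSPATH entry shows the effect noted above: the default TZ and NLSPATH locations are no longer permitted unless they are listed too.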

References

getdate(3C) for DATEMSK
environ(5) for LANG, LC_MESSAGES and NLSPATH
gettxt(1), gettxt(3C), fmt(1), pfmt(3C), setlocale(3C) for LANG and LC_MESSAGES
catopen(1tcl), catopen(3C) for NLSPATH
prof(1) for PROFDIR
TZ(5), ctime(3C) for TZ
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004