launcher
Hardcoded paths to binaries everywhere
I'm on NixOS, which doesn't really put binaries in /bin:
$ ls /bin/
sh
$
Additionally, there's no /sbin. This is causing all sorts of problems, since the launcher code base has hardcoded paths in a bunch of places. The one that's really giving me trouble at the moment is zfs.
This is failing even when the appropriate binaries are on the $PATH:
$ for cmd in zfs gsettings nmcli; do
eval $(sudo strings /proc/$(pgrep launcher)/environ | grep '^PATH') command -v $cmd
done
/nix/store/yw1by07874clir1jqlnvc9xz7k27q3vh-zfs-user-2.1.4/bin/zfs
/nix/store/4ml4higjpkgjzpzm1qa0rabn7qjdcbn4-glib-2.72.0-bin/bin/gsettings
/nix/store/akig9n0zp09cq7rvc91dhlz2jyhi52rv-networkmanager-1.36.4/bin/nmcli
So I guess I have two(ish) questions:
- Why do we hardcode paths rather than respecting the $PATH of the launcher process? Would it be okay to just use the binary names instead?
- If not, can we provide an alternate way of specifying paths to each of the binaries that the launcher shells out to?
My historic experience is that it's best practice to specify full paths. Partly because system daemons often have minimal paths, and can't always find things. And sometimes because people sneak malicious binaries with shared names into the path.
It's not clear to me that either of these holds for NixOS, and I'm amenable to finding some additional patterns.
What do you think makes sense? I could imagine looking on the path and verifying that it's in /nix/store/
The following seem unlikely to be true at the same time:
Partly because system daemons often have minimal paths, and can't always find things.
And sometimes because people sneak malicious binaries with shared names into the path.
I wonder whether we can just add a flag like --use-PATH (name WIP) to allow using the $PATH like normal if a user requests it, or having a separate KOLIDE_PATH variable.
I've been thinking about this.
I'm currently somewhat against a --use-path flag, because I think it would just end up set all the time.
I'm currently favoring falling back to the path, with an allowlist for /nix/store and some other prefixes.
Such a solution would be 100% sufficient for my use case!
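
The fallback favored in the thread (search the PATH, but accept a hit only under an allowlisted prefix such as /nix/store), written in Go as an added example; it is not code from the thread or from the launcher code base. The function names, the /sbin/zfs candidate and the single-prefix allowlist are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// underAllowedPrefix reports whether p lies inside one of prefixes. Matching is
// per path component, so /nix/store-evil does not pass as /nix/store.
func underAllowedPrefix(p string, prefixes []string) bool {
	for _, pre := range prefixes {
		if strings.HasPrefix(filepath.Clean(p), filepath.Clean(pre)+string(filepath.Separator)) {
			return true
		}
	}
	return false
}

func isExecutableFile(p string) bool {
	fi, err := os.Stat(p)
	return err == nil && fi.Mode().IsRegular() && fi.Mode().Perm()&0o111 != 0
}

// resolveBinary prefers the hardcoded locations, then falls back to pathEnv.
// A PATH hit counts only if its symlink-resolved target is under an allowlisted
// prefix, so a same-named binary in a writable PATH directory is skipped.
func resolveBinary(name string, hardcoded []string, pathEnv string, prefixes []string) (string, error) {
	for _, c := range hardcoded {
		if isExecutableFile(c) {
			return c, nil
		}
	}
	for _, dir := range filepath.SplitList(pathEnv) {
		if !filepath.IsAbs(dir) {
			continue // skip empty and relative entries such as "."
		}
		real, err := filepath.EvalSymlinks(filepath.Join(dir, name))
		if err == nil && isExecutableFile(real) && underAllowedPrefix(real, prefixes) {
			return real, nil
		}
	}
	return "", fmt.Errorf("%s: not in hardcoded paths or under an allowlisted prefix on PATH", name)
}

func main() {
	// Assumed inputs: /sbin/zfs as the hardcoded path, /nix/store as the only prefix.
	p, err := resolveBinary("zfs", []string{"/sbin/zfs"}, os.Getenv("PATH"), []string{"/nix/store"})
	fmt.Println(p, err)
}
```

The allowlist is checked against the symlink-resolved target rather than the PATH entry itself, because NixOS profile directories on the PATH are symlinks into /nix/store.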