Wednesday, January 01, 2025

Re: Failed to find ENV in /root/.profile.

Lloyd <ng2d68@proton.me> writes:

> What is the meaning behind the following output from security(8):
>
> Checking root sh paths, umask values:
> /etc/profile /root/.profile
> Failed to find ENV in /root/.profile.
>
> I get these daily complaints on every box where root's .profile calls out to a shell script for some housekeeping tasks on a login shell; e.g. /usr/local/bin/bash or /usr/bin/env bash. If I call out to an executable such as /bin/ls the complaint is suppressed.
>
> Not sure why ENV would be needed because I only want these tasks to execute on a login shell. I am using ksh as the default shell. What is the security concern by not having an ENV script defined in .profile? The default .profile does not define ENV. Or have I misused/abused .profile for eternity and not known it?
>

You are misinterpreting the error message.

The security(8) script can be found at
https://github.com/openbsd/src/blob/master/libexec/security/security#L248

With some simplification, it is running:
/bin/sh -c '. /root/.profile; echo ENV=$ENV; echo PATH=$PATH'

and checks the output. In your case, it is complaining that "echo ENV="
doesn't produce the expected line with 'ENV' string.



(if you run the command yourself, your actual ENVIRONMENT might contain
ENV or PATH variables, so prefix the command with "env -i" to clear the
environment first).

$ env -i ksh -c '. /etc/profile; echo ENV=$ENV; echo PATH=$PATH'
ENV=
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin

# env -i ksh -c '. /root/.profile; echo ENV=$ENV; echo PATH=$PATH'
ENV=
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin

Regards.
--
Sebastien Marie
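
A simplified re-creation of the check described in the reply above, as an added example that is not part of the original post or of the security(8) source. The function name check_profile and both sample profiles are constructed for illustration; the second profile shows one way the "ENV=" line can be absent, namely a profile that ends the shell before the echo commands run.

```shell
#!/bin/sh
# Added example: simplified re-creation of the check, not security(8) itself.

# check_profile FILE (hypothetical helper)
# Source FILE in a clean environment and verify that the "ENV=" and
# "PATH=" marker lines reach the output. Returns 0 if both are present.
check_profile() {
    profile=$1
    # env -i clears the caller's environment so an inherited ENV or PATH
    # cannot mask what the profile itself sets.
    out=$(env -i /bin/sh -c '. "$1"; echo ENV=$ENV; echo PATH=$PATH' \
        sh "$profile" 2>/dev/null) || true
    rc=0
    for var in ENV PATH; do
        if ! printf '%s\n' "$out" | grep -q "^$var="; then
            echo "Failed to find $var in $profile."
            rc=1
        fi
    done
    return $rc
}

# Constructed sample profiles.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT

# 1. Returns normally, so both echo lines run (ENV may be empty).
cat > "$tmpdir/profile.ok" <<'EOF'
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
umask 022
EOF

# 2. Ends the shell before control returns to the echo commands.
cat > "$tmpdir/profile.exits" <<'EOF'
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
exit 0
EOF

check_profile "$tmpdir/profile.ok" && echo "profile.ok: both lines found"
check_profile "$tmpdir/profile.exits" || echo "profile.exits: flagged"
```

An empty "ENV=" line still passes, which matches the output shown in the reply: the check looks for the line, not for a value.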
