On Thu, Jan 23, 2020 at 13:17 Julen Landa Alustiza wrote:
Good morning everyone
I'm using duply on my homelab backup system and noticed today that when
I include a podman run blablabla in a pre script, it tries to call
'iptables' without any path, and it turns out that duply does not add
/usr/sbin to the $PATH in the pre scripts' execution environment when it
is executed as root, so the iptables call ends with an error:
Output: time="2020-01-23T02:00:02+01:00" level=error msg="Error adding network: failed to locate iptables: exec: \"iptables\": executable file not found in $PATH"
time="2020-01-23T02:00:02+01:00" level=error msg="Error while adding pod to CNI network \"podman\": failed to locate iptables: exec: \"iptables\": executable file not found in $PATH"
Error: error configuring network namespace for container fbaad57e6a9d1894624b67cb2f3e9d8483af56bf71680befabfbb85fd589e640: failed to locate iptables: exec: "iptables": executable file not found in $PATH
So I'm asking here... should we rely on $PATH to reach the iptables
executable, or hardcode /usr/sbin as its path? If an attacker managed to
alter my $PATH, could this $PATH thing open an attack vector, letting
them use a malicious iptables located on a different path with higher
precedence in my $PATH?
If one can change your PATH, then you could be using a malicious podman,
rendering the hardcoded /usr/sbin not enough...
Perhaps podman could append /usr/sbin to the PATH if it's not already
there?
-Tristan
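As an added example, not code from this thread or from podman itself: a Go lookup that resolves a bare tool name through PATH first (exec.LookPath semantics) and only then through a fixed list of sbin directories, which is the "append /usr/sbin if it's missing" behaviour suggested above. `sbinFallbacks`, `LocateTool` and `isExecutable` are names assumed for this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// System directories that root's PATH often lacks when a backup pre-script runs podman.
var sbinFallbacks = []string{"/usr/sbin", "/sbin", "/usr/local/sbin"}

// isExecutable reports whether p is a regular file with an execute bit set.
func isExecutable(p string) bool {
	fi, err := os.Stat(p)
	return err == nil && fi.Mode().IsRegular() && fi.Mode().Perm()&0o111 != 0
}

// LocateTool resolves a bare tool name against pathEnv the way exec.LookPath
// does, then against the fallback directories. It returns the resolved path
// and whether the hit came from PATH (true) or from a fallback (false).
func LocateTool(name, pathEnv string, fallbacks []string) (string, bool, error) {
	if strings.ContainsRune(name, '/') {
		return "", false, fmt.Errorf("tool name %q must not contain a path", name)
	}
	for _, dir := range filepath.SplitList(pathEnv) {
		if dir == "" { // empty element means "current directory": never honour it
			continue
		}
		if p := filepath.Join(dir, name); isExecutable(p) {
			return p, true, nil
		}
	}
	for _, dir := range fallbacks {
		if p := filepath.Join(dir, name); isExecutable(p) {
			return p, false, nil
		}
	}
	return "", false, fmt.Errorf("failed to locate %s in PATH %q or %v", name, pathEnv, fallbacks)
}

func main() {
	p, viaPath, err := LocateTool("iptables", os.Getenv("PATH"), sbinFallbacks)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Printf("using %s (found via PATH: %v)\n", p, viaPath)
}
```

Logging which branch produced the hit is what makes a surprise PATH entry visible in the backup log; a fallback hit is expected under duply, a PATH hit for a tool that should live in /usr/sbin is worth a look.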