From kde-devel Sun Aug 31 23:02:52 2008
From: "Guillaume Pothier"
Date: Sun, 31 Aug 2008 23:02:52 +0000
To: kde-devel
Subject: Re: kdesu overrides user's PATH with hardcoded path
Message-Id: <8caa8ded0808311602r1d46d8c9na72af96afcb1bb07 () mail ! gmail ! com>
X-MARC-Message: https://marc.info/?l=kde-devel&m=122022386006220

> this argument is nonsense. why would /usr/bin be less vulnerable than
> /usr/local/bin? there is no probability involved here. attacker can
> modify anything in your $PATH => you lose. period.

I think the case is more about something the user downloads somewhere
into his home directory (which she can do without needing any
privileges) than something between /usr and /usr/local.
But yes, I agree that it is far from being absolute security...
g

> by extension that means that $PATH containing "." is an actual security
> problem: when you happen to be in a directory to which an attacker (who
> happens to be a legitimate user of the system) has write access (e.g.,
> /tmp), you'll run his executable. this is somewhat alleviated by having
> the "." as the last thing in $PATH instead of as the first one, but then
> the attacker still can install mistyped versions of common commands and
> thus have a realistic chance of having his code executed by a victim.
> so kdesu filtering out "." from $PATH would be a reasonable thing (so
> far, it only protects against "" (same as ".") at the start).
>
> --
> Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
> --
> Confusion, chaos, panic - my work here is done.
>
>>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
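
The filtering suggested in the quoted text, as an added example that is not part of this thread and is not kdesu's code: it drops every $PATH entry that resolves against the current directory (an empty field anywhere, ".", or any other relative entry) before a command is run with elevated privileges. The names splitPath and sanitizePath are hypothetical; absolute entries in user-writable locations such as a home directory, the case raised in the reply, are not handled here.

```cpp
#include <cstdlib>
#include <iostream>
#include <string>
#include <vector>

// Split $PATH on ':' by hand so that empty fields survive the split:
// a leading, trailing or doubled ':' produces "", which means ".".
std::vector<std::string> splitPath(const std::string &path)
{
    std::vector<std::string> parts;
    std::string::size_type start = 0;
    while (true) {
        std::string::size_type end = path.find(':', start);
        if (end == std::string::npos) {
            parts.push_back(path.substr(start));
            break;
        }
        parts.push_back(path.substr(start, end - start));
        start = end + 1;
    }
    return parts;
}

// Keep only absolute entries, preserving their order.
std::string sanitizePath(const std::string &path)
{
    std::string out;
    for (const std::string &dir : splitPath(path)) {
        // "", "." and "bin" or "./tools" are all looked up relative to
        // the working directory, which may be writable by another user.
        if (dir.empty() || dir[0] != '/')
            continue;
        if (!out.empty())
            out += ':';
        out += dir;
    }
    return out;
}

int main()
{
    const char *env = std::getenv("PATH");
    std::cout << sanitizePath(env ? env : "") << "\n";
    return 0;
}
```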