List: kde-devel
Subject: Re: kdesu overrides user's PATH with hardcoded path
From: Romain <romainguinot () gmail ! com>
Date: 2008-09-06 18:13:33
Message-ID: ae44b51f0809061113w44adfbd5kfbb0c93dcd07a41b () mail ! gmail ! com
Hi,
I second that.
I understand the feature from a security standpoint, and I suppose it doesn't
hurt as an added security layer. However, being able to simply configure it
through a (read-only, root-owned) configuration file would have
helped me in the situation I was in when I originally posted this question.
I am glad it sparked this discussion.
If an evil-intended someone manages to modify this file by getting root
write privilege, well, there's much worse he/she could do than modifying
kdesu's path, don't you think?
Regards,
On Sat, Sep 6, 2008 at 9:02 AM, Gary Greene <greeneg@tolharadys.net> wrote:
> On Friday 05 September 2008 04:25:42 pm Anders Lövgren wrote:
> > On Thursday 04 September 2008 08.40.13 Oswald Buddenhagen wrote:
> > > On Thu, Sep 04, 2008 at 02:52:43AM +0200, Anders Lövgren wrote:
> > > > The modified $PATH will at least protect against e.g. running a bad
> > > > ~/bin/cat from a program or script that happens to use whatever cat
> > > > that comes first in the $PATH.
> > >
> > > *how* is a bad cat supposed to get into ~/bin, huh? why do you want to
> > > secure the door of an obviously blown up house?
> >
> > Regarding the *how*, huh? and ~/bin: you had an idea about it yourself in
> > your previous mail, why asking me? :-)
> >
> > I don't think we need to discuss the *how* further here, there's better
> > forums for that. For the second question I would like to switch the
> > viewpoint: If the house is not blown up, why not lock the door?
>
> Anders,
>
> It's not the "why not lock the door" issue I think that Ossi is commenting on,
> but rather the fact that this is completely UN-CONFIGURABLE. If I want this
> feature as a paranoid user, it should be managed by a configuration file that
> is read only versus plain hardcoding paths in the code. This way if _I_ don't
> want/need it, I can set my system up as I want without patching the code
> unnecessarily.
>
> --
> Gary L. Greene, Jr.
> Sent from: peorth
> 23:59:53 up 5 days, 1 min, 6 users, load average: 0.31, 0.23, 0.19
> ==========================================================================
> Developer and Project Lead for the AltimatOS open source project
> Volunteer Developer for the KDE open source project
> See http://www.altimatos.com/ and http://www.kde.org/ for more information
> ==========================================================================
>
> Please avoid sending me Word or PowerPoint attachments.
>
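
The read-only, root-owned configuration file proposed in this thread, sketched as an added example (not kdesu or KDE code). The one-line file format, the fallback list and the function names are assumptions, and the `owner` parameter exists only so the demo can run without root.

```cpp
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdlib>
#include <sstream>
#include <string>

// Assumed built-in default; the thread does not quote kdesu's actual list.
static const std::string kFallbackPath = "/usr/sbin:/usr/bin:/sbin:/bin";

// Keep only absolute entries: empty and relative ones (a literal "~/bin"
// included) resolve against the caller-controlled working directory.
std::string keep_absolute(const std::string &path) {
    std::istringstream in(path);
    std::string entry, out;
    while (std::getline(in, entry, ':'))
        if (!entry.empty() && entry[0] == '/')
            out += (out.empty() ? "" : ":") + entry;
    return out;
}

// One-line config (hypothetical format), honoured only if the opened file is
// regular, owned by `owner` (root in production) and not group/other-writable.
std::string elevated_path(const char *conf, uid_t owner = 0) {
    int fd = open(conf, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return kFallbackPath;
    struct stat st;
    char buf[4096];
    bool trusted = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == owner &&
                   (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
    ssize_t n = trusted ? read(fd, buf, sizeof buf) : -1;
    close(fd);
    if (n <= 0) return kFallbackPath;
    std::string line(buf, n);
    std::string p = keep_absolute(line.substr(0, line.find('\n')));
    return p.empty() ? kFallbackPath : p;
}

// Constructed config owned by the current user (standing in for root here).
std::string demo(mode_t mode) {
    char name[] = "/tmp/kdesu-path-XXXXXX";
    const char body[] = "~/bin:/opt/tools/bin::./x:/usr/bin\n";
    int fd = mkstemp(name);
    if (fd < 0) return "";
    bool ok = write(fd, body, sizeof body - 1) > 0 && fchmod(fd, mode) == 0;
    close(fd);
    std::string result = ok ? elevated_path(name, getuid()) : "";
    unlink(name);
    return result;
}
```

A production helper would also have to verify that every directory leading to the file is root-owned and not writable by others, since `O_NOFOLLOW` and `fstat` only cover the final path component.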