Web lists-archives.com

Re: Which checks should we mandate for source operations in shell scripts




Marc Haber writes:
> back in the sysvinit days, we used to have the following construct as
> a common idiom in init scripts:
>
> |if [ -f /etc/default/foo ]; then
> |  . /etc/default/foo
> |fi
>
> This is an immediate privilege escalation vulnerability in the case
> that /etc/default/foo or /etc/default itself is/are writeable for
> non-root users.

That seems to be the same class of issue as init scripts, systemd units
(in /etc/systemd/system) or /bin/bash writable by non-root.  I don't
think Debian should try to "fix" this.

(Now, let me mention my favorite
  chown -R non-root /var/lib/service
in maintainer scripts...)

Ansgar