
Re: where to submit low security vulnerability in .profile?




Le decadi 30 prairial, an CCXXV, David Bunch a écrit :
> This could be a potential security vulnerability because if the user account
> of a user with 'su' power, an attacker could place a malicious 'su', 'ls',
> and 'which' in their ~/bin directory which could give an attacker the root
> password when the user runs the 'su' command.

If the attacker is able to write in ~/bin, then they are also able to
write in ~/.profile and add anything they want there. Therefore, the
change you suggest does absolutely nothing for security.

> A safer configuration would be PATH=$PATH:'$HOME/bin'.

If a user installs a program in their home that is already available on
the system, it probably means they want to use their version rather than
the system's. The same goes for programs installed by the admin versus
programs installed by the distribution. Hence, the correct order is
really ~/bin, /usr/local/bin, then /usr/bin, and not the other way around.

Regards,

-- 
  Nicolas George

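As an added example (not from the original message or its author), a small POSIX sh audit that, given a PATH value, lists every executable in a directory searched ahead of /usr/bin that shadows a system command of the same name; it shows concretely what a ~/bin-first PATH resolves differently and where an admin would look when a home directory is suspected of tampering. The throwaway bin directory and its harmless `ls` wrapper are constructed for the demonstration.

```shell
#!/bin/sh
# Added example for this thread, not part of the original message: audit a
# PATH value and report commands in entries searched before /usr/bin that
# shadow a system binary of the same name. Run it against "$PATH" to see
# what a ~/bin-first ordering changes on your own account.

# shadowed_commands PATH_VALUE
# For every directory listed before /usr/bin (or /bin) in PATH_VALUE, print one
# line per executable in it that also exists in /usr/bin or /bin.
shadowed_commands() {
    _path=$1
    _before=1
    # Split on ':' without glob expansion; directories become $1 .. $n.
    _oldifs=$IFS
    set -f
    IFS=:
    set -- $_path
    IFS=$_oldifs
    set +f
    for _dir in "$@"; do
        case $_dir in
            /usr/bin|/bin) _before=0 ;;   # reached the system directories
        esac
        [ "$_before" -eq 1 ] && [ -d "$_dir" ] || continue
        for _f in "$_dir"/*; do
            [ -f "$_f" ] && [ -x "$_f" ] || continue
            _name=${_f##*/}
            for _sysdir in /usr/bin /bin; do
                if [ -x "$_sysdir/$_name" ]; then
                    printf '%s shadows %s/%s\n' "$_f" "$_sysdir" "$_name"
                    break
                fi
            done
        done
    done
}

# Constructed demonstration: a throwaway bin directory holding a harmless
# "ls" wrapper that just calls the real one.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/bin"
printf '#!/bin/sh\nexec /bin/ls "$@"\n' > "$demo_dir/bin/ls"
chmod 755 "$demo_dir/bin/ls"
# ~/bin-first order (the order defended above): the local ls is reported.
shadowed_commands "$demo_dir/bin:/usr/local/bin:/usr/bin:/bin"
# System-first order (the order proposed in the quoted message): nothing reported.
shadowed_commands "/usr/bin:/bin:$demo_dir/bin"
rm -rf "$demo_dir"
```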