Web lists-archives.com

Re: where to submit low security vulnerability in .profile?
On 06/18/2017 05:05 AM, Nicolas George wrote:
On decadi 30 Prairial, year CCXXV, David Bunch wrote:
This could be a potential security vulnerability because if the user account
of a user with 'su' power, an attacker could place a malicious 'su', 'ls',
and 'which' in their ~/bin directory which could give an attacker the root
password when the user runs the 'su' command.

If the attacker is able to write in ~/bin, then they are also able to
write in ~/.profile and add anything they want there. Therefore, the
change you suggest does absolutely nothing for security.

A safer configuration would be PATH=$PATH:'$HOME/bin'.

If a user installs a program in their home that is already available on
the system, it probably means they want to use their version rather than
the system's. The same goes for programs installed by the admin versus
programs installed by the distribution. Hence, the correct order is
really ~/bin, /usr/local/bin then /usr/bin and not the other way around.

Regards,


I can see David's concern though if one puts their own version of something and it's compromised.

But now that you mention it, one should know better than to do that. :)
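The thread turns on which PATH entries shadow which: with ~/bin first, any executable placed there wins over the system copy of the same name, and (as Nicolas points out) whoever can write there can edit ~/.profile anyway, so reordering PATH is not a security boundary. What an administrator can still do is audit a PATH ordering for exactly that shadowing. The following POSIX sh script is an added example written for this page, not code from the thread or from any distribution's .profile; it walks a PATH string in order and reports every executable in an earlier entry that hides a same-named executable in a later entry. The function and variable names are the example's own, and `make_fixture` builds a constructed directory tree under `mktemp -d` standing in for `~/bin`, `/usr/bin` and `/bin` so the check can be run offline.

```sh
#!/bin/sh
# Added example: report commands that an earlier PATH entry shadows in a later one.
# Names are hypothetical; nothing here is taken from a real .profile.

# first_hit NAME PATHSTRING
# Print the first directory in PATHSTRING (colon-separated) containing an
# executable regular file called NAME; return 1 if none does.
# Entries are split with parameter expansion rather than IFS so that the
# caller's IFS and glob settings are untouched.
first_hit() {
    name=$1 rest=$2
    while [ -n "$rest" ]; do
        case $rest in
            *:*) d=${rest%%:*}; rest=${rest#*:} ;;
            *)   d=$rest; rest= ;;
        esac
        [ -n "$d" ] || continue            # empty entry (current dir): skip
        if [ -f "$d/$name" ] && [ -x "$d/$name" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# shadowed_commands PATHSTRING
# For each entry in PATHSTRING, in order, list every executable (dotfiles
# excluded) whose name also resolves in a LATER entry. Output is one line per
# shadowed command: "name<TAB>shadowing_dir<TAB>shadowed_dir".
# A line whose shadowing_dir is user-writable (e.g. ~/bin ahead of /usr/bin)
# is the situation the thread discusses.
shadowed_commands() {
    rest=$1
    while [ -n "$rest" ]; do
        case $rest in
            *:*) dir=${rest%%:*}; rest=${rest#*:} ;;
            *)   dir=$rest; rest= ;;
        esac
        [ -n "$dir" ] && [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            later=$(first_hit "$name" "$rest") || continue
            printf '%s\t%s\t%s\n' "$name" "$dir" "$later"
        done
    done
}

# make_fixture
# Constructed test layout (not a real system): a fake home bin holding copies
# of 'ls' and 'su' plus a private 'mytool', and a fake /usr/bin and /bin with
# the usual names. Prints a PATH string with the home bin first, as in the
# distribution default the thread is about.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/home/bin" "$root/usr/bin" "$root/bin"
    for c in ls su which cat; do
        printf '#!/bin/sh\n:\n' > "$root/usr/bin/$c"; chmod 755 "$root/usr/bin/$c"
    done
    printf '#!/bin/sh\n:\n' > "$root/bin/sh"; chmod 755 "$root/bin/sh"
    for c in ls su mytool; do
        printf '#!/bin/sh\n:\n' > "$root/home/bin/$c"; chmod 755 "$root/home/bin/$c"
    done
    printf '%s\n' "$root/home/bin:$root/usr/bin:$root/bin"
}

# Run against the live PATH when invoked as:  sh audit-path.sh --audit
if [ "${1-}" = "--audit" ]; then
    shadowed_commands "$PATH"
fi
```

On the constructed fixture the report lists `ls` and `su` (shadowed in the fake home bin) and nothing for `mytool`, which has no system counterpart; putting the same home bin at the end of the PATH instead produces the reverse report, where the fake /usr/bin shadows the home copies. That is the whole effect of the ordering change David proposed, and it is why Nicolas's objection stands: the report changes, the attacker's write access to the home directory does not.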