[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Use $DEB_BUILD_DIR rather than parent directory?

On Wed, Nov 22, 2000 at 07:43:31PM -0800, Joey Hess wrote:
> jpenny@universal-fasteners.com wrote:
> > No, not at all.  It is good security practice.  The problem with
> > environment variables is that they can be hidden, and the user
> > completely unaware of what is set.  The command line option is
> > in plain view.  Clearly, the command line option ought to supercede.
> > 
> > In fact, I think a good case can be made for dpkg/apt not honoring
> > environment variables at all (maybe LD_LIBRARY_PATH is an exception).
> > YMMV.
> 
> Please explain how, if you manage to get my shell to set an environement
> variable, you could not have just done whatver setting the environement
> variable eventually makes some program do?

OK, perhaps I used the wrong word.  Less immediate might be better.

However, if I can persuade you to alter your PATH or LD_LIBRARY_PATH, 
I can insert trojans that you will execute.
The classic trick is to insert something that forks
a daemon that accepts shell commands, and then goes ahead and runs the
normal executable.

How do I do it?  Well, the usual way is to offer some service, often a game,
which needs some setup.

I.e., tell the fish that if he only puts in 
. /home/somebody/super_quake_client/quake_client_setup as the LAST line
of his .profile.

Now wait.  If he does it and tries super_quake_client, you own him!

Then, like a nice little attacker, you go in and delete this line from
his .profile to make tracing harder.

> 
> (It would also be nice if you explained how environement variables can
> be hidden.)

How to hide a component--
try this at home...
export TEST_PATH=this:hidden_stuff:^h^h^h^h^h^h^h^h^h^h^h^h:more
To get the ^h, type ctrl-v crtl-h.

Now, execute
set
You should not see hidden_stuff.
set | more
Will not show you the variable.
echo $TEST_PATH
will not show hidden_stuff
set | less
will show you, but I have a trojan directory that throws less into raw mode,
so that doesn't do anything for my fish either.

Also, try this
export TEST1="this is something I don'w want the world to see"
export TEST2="^[Mthis hides TEST1^[M"
^[ is entered as crtl-v escape

again,
set , set | more, set | less -r show nothing.  
echo TEST2 is interesting, but why would you do it?
Unless I have a damned good
reasons to suspect that I have a cobbled environment, I will never find it.
> 

However, this has in my mind, not a lot to do with Wichert's position.
It violates the principal of least surprise considerably if the most
recent thing entered, _the command line argument_, is over-ridden by
something previously entered (and possibly forgotten), an environment
variable.

If a persistent storage mechanism is needed, a dot-file is better than
an environment variable.  A dot-file does not further complicate an
already too complicated namespace.  

If you want to have a dot-file that has two entries
I_am_determined_to_use_the_default_path_here_specified_and_will_never_bug_wichert_when_something_breaks_unexpectedly=yes
default_path=...

While this also violates the principle of least surprise, at least you have
clearly, verbosely, indicated that you want the behavior!


Jim

> -- 
> see shy jo
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: