Re: ${HOME} vs. g_get_home_dir ()
On Thu, Sep 27, 2012 at 11:53:36PM +0200, Josselin Mouette wrote:
> Le jeudi 27 septembre 2012 à 14:39 -0700, Josh Triplett a écrit :
> > Agreed entirely. In particular, it breaks the very common use case of
> > running a program with sudo. "sudo foo" leaves $HOME set to the user's
> > home directory rather than root, so that foo will use the same
> > configuration either way.
>
> This is a bug in sudo. There can be very dangerous things in $HOME (such
> as scriptable application configuration files), and they should clearly
> be ignored in favor of those of root.
Since the user has already ran sudo, I don't see a problem. If you can add
a scriptable config file, you can arrange for that "sudo" to be a wrapper
over "/usr/bin/sudo".
> > A user can then use sudo -H or sudo -i if
> > they want a more rootish environment. Other programs that don't respect
> > $HOME include ssh, which forces ugly workarounds like this:
> > sudo ssh -o UserKnownHostsFile=$HOME/.ssh/known_hosts ...
>
> This is desired. Allowing to use another user’s known_hosts, which can
> have been fiddled with, is dangerous.
YOUR known_hosts? What Josh mentioned is using /home/you rather than /root;
if someone else can fiddle with your known_hosts and you can run arbitrary
commands through sudo, you're screwed already as files in .ssh tend to be
more secure than most other files.
--
Copyright and patents were never about promoting culture and innovations;
from the very start they were legalized bribes to give the king some income
and to let businesses get rid of competition. For some history, please read
https://en.wikipedia.org/wiki/Statute_of_Monopolies_1623
Reply to: