Re: Which checks should we mandate for source operations in shell scripts
Marc Haber writes:
> back in the sysvinit days, we used to have the following construct as
> a common idiom in init scripts:
> |if [ -f /etc/default/foo ]; then
> |  . /etc/default/foo
> |fi
> This is an immediate privilege escalation vulnerability in the case
> that /etc/default/foo or /etc/default itself is/are writeable for
> non-root users.
That seems to be the same class of issue as init scripts, systemd units
(in /etc/systemd/system) or /bin/bash writable by non-root. I don't
think Debian should try to "fix" this.
(Now, let me mention my favorite

    chown -R non-root /var/lib/service

in maintainer scripts...)
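
What a check of the kind the subject line asks about could look like, as an added example that is not part of either message: it refuses to source a defaults file when the file or its directory is group- or world-writable or not owned by the expected uid. The helper names `check_trusted` and `source_if_trusted` and the optional owner argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. check_trusted and source_if_trusted
# are hypothetical helper names.

# check_trusted PATH [UID]
# Succeeds only if PATH exists, is owned by UID (default 0, i.e. root)
# and is not writable by group or others.
check_trusted() {
    path=$1
    want_uid=${2:-0}
    # -l long format, -d do not descend into directories,
    # -n numeric owner, -L judge a symlink by its target
    line=$(ls -ldnL -- "$path" 2>/dev/null) || return 1
    mode=${line%% *}                                   # e.g. -rw-r--r--
    uid=$(printf '%s\n' "$line" | awk '{print $3}')    # numeric owner
    case $mode in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    [ "$uid" = "$want_uid" ]
}

# source_if_trusted FILE [UID]
# The quoted init-script idiom, with the ownership and mode checks applied
# to both FILE and its directory before the file is sourced.
source_if_trusted() {
    file=$1
    owner=${2:-0}
    [ -f "$file" ] || return 0            # no defaults file: nothing to do
    dir=$(dirname -- "$file")
    if check_trusted "$dir" "$owner" && check_trusted "$file" "$owner"; then
        . "$file"
    else
        echo "refusing to source $file: file or directory not trusted" >&2
        return 1
    fi
}
```

The check and the `.` are two separate steps, so this narrows the window rather than closing it, and it does not look at ancestors above the immediate directory.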