On Fri, Nov 02, 2007 at 11:34:01AM -0500, John Hasler wrote: > I wrote: > > See my other reponse to this thread. ~/bin at the front of $PATH is a > > security risk. > > Miles writes: > > It an attacker is able to install stuff in ~/bin, they can (and almost > > certainly would) also modify your .profile (etc) to change PATH > > themselves. > > There are a number of such exposures for the naive users that are now > starting to put Linux on their computers. They will be exploited when the > number of vulnerable machines gets large enough. I think we need some explaining here John. How is the existence of ~/bin at the front of $PATH a problem in itself? In order for it to be a problem, an attacker has to have write access to $HOME already. If they have write access to $HOME, there is nothing to stop them from putting ~/bin at the front of $PATH, so it existence (or not) in $PATH to begin with is irrelevant. Or maybe I'm misunderstanding something here. Likewise, if an attacker has write access to $HOME, why not just put an alias command=/path/to/corrupted/command in .bashrc or whatever. This also renders the ~/bin thing irrelevant. In other words, this is sort of similar to an argument on the order of: leaving a spare key in the glovebox of the car is a security risk. That's true, but only in a situation where someone has already gained access to the vehicle and looked in the glove box to see that there is a key, thereby saving them the effort of hotwiring the thing. The damage is already done: someone is already in the vehicle ($HOME) doing bad stuff. The existence of a key (~/bin in $PATH) is merely a convenience for them in an already insecure situation. .02 from a naive user wanting more information. A
Attachment:
signature.asc
Description: Digital signature