Re: where to submit low security vulnerability in .profile?

[RavenLX <ravenlx@sitesplace.net>]

On 06/18/2017 12:56 AM, David Bunch wrote:
> Hi,
>
> I'm not sure where or how or even if i should submit a bug small security
> vulnerability in the default .profile that is created in each users home
> directory.
>
> .profile searches for a ~/bin directory and if it finds it prepends it to
> PATH like so: PATH='$HOME/bin':$PATH
>
> This could be a potential security vulnerability because if the user account
> of a uesr with 'su' power, an attacker could place a malicious 'su', 'ls',
> and 'which' in their ~/bin directory which could give an attacker the root
> password when the user runs the 'su' command.
>
> A safer configuration would be PATH=$PATH:'$HOME/bin'.
> This way if malicious copies of systems programs were placed in the user's
> ~/bin directory the uncompromised system copies would be still be run.
>
> Kind regards,
> -David Bunch

That's interesting. I didn't know there was a difference but now that I 
look at it, I think you're right. In Jessie, I had to set this manually 
in ~/.bashrc because it didn't work out of the box for some reason.

Then again, I do not create a directory called ~/bin but instead it's a 
symlink to another subdirectory inside a subdirectory in my $HOME 
because of the way I like to arrange things. That probably was why it 
didn't work for me out of the box in "Jessie"? I'll have to test that in 
Stretch.