Re: where to submit low security vulnerability in .profile?
On Mon, 19 Jun 2017, Greg Wooledge wrote:
> You appear to be claiming that putting ~/bin in PATH is somehow inherently
> unsafe. I don't agree. Under what conditions would this result in any
> kind of privilege escalation?
The OP was complaining that ~/bin was being *prepended* to PATH, instead
of appended.
When you prepend ~/bin to PATH, it allows one to have a shell script
such as ~/bin/sudo that will be run instead of the system's sudo. Then,
some use of social engineering might get an admin or some other user to
type in a password to run a command using su or sudo.
That said, no, it is not usually considered a security vulnerability,
because NOT using the full path to run commands such as "su" and "sudo"
in the first place IS considered gross negligence.
So, train your fingers! There is no "su", it *is* /bin/su. And there
is no "sudo", it *is* /usr/bin/sudo. Never trust aliases, PATH, or
anything of the like for this stuff.
Still, IMHO it would be much better if we *appended* ~/bin to PATH,
instead. I just checked, and "bash" in stretch seems to do the wrong
thing...
> What does "'su' power" mean, anyway? That the end user has been given
> the root password? If you've given someone the root password, they
> already have whatever power they want.
This is usually coupled to some social engineering to get someone else
that has the password to think (s)he is running the system su/sudo and
type it.
--
Henrique Holschuh
Reply to: