Re: where to submit low security vulnerability in .profile?

To: debian-user@lists.debian.org
Subject: Re: where to submit low security vulnerability in .profile?
From: Nicolas George <george@nsup.org>
Date: Mon, 19 Jun 2017 19:11:50 +0200
Message-id: <[🔎] 20170619171150.GA41056@phare.normalesup.org>
Reply-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20170619160843.GX22519@eeg.ccf.org>
References: <[🔎] 20170618045606.7f62osvgoyixtoij@x200.davidebunch.org> <[🔎] 20170619123612.GQ22519@eeg.ccf.org> <[🔎] 20170619155900.GE22428@khazad-dum.debian.net> <[🔎] 20170619160058.GA4865@phare.normalesup.org> <[🔎] 20170619160843.GX22519@eeg.ccf.org>

Le primidi 1er messidor, an CCXXV, Greg Wooledge a écrit :
> Henrique, I believe, was describing an attack that works like this:
> 
> 2) PATH=~/bin:$PATH
> 3) vi ~/bin/su  (insert malicious code); chmod 755 ~/bin/su
> 4) Call the system administrator, and get him/her to come to your desk.

I do not think so, as the default value set in the distribution has no
relevance for that kind of attack.

Regards,

-- 
  Nicolas George

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- where to submit low security vulnerability in .profile?
  - From: David Bunch <depb@posteo.net>
- Re: where to submit low security vulnerability in .profile?
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- Re: where to submit low security vulnerability in .profile?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: where to submit low security vulnerability in .profile?
  - From: Nicolas George <george@nsup.org>
- Re: where to submit low security vulnerability in .profile?
  - From: Greg Wooledge <wooledg@eeg.ccf.org>

Prev by Date: stretch
Next by Date: Re: Debian 9
Previous by thread: Re: where to submit low security vulnerability in .profile?
Next by thread: Re: where to submit low security vulnerability in .profile?
Index(es):
- Date
- Thread