On Wed, 01 Apr 2015 20:43:46 +0200 h8h@xxxxxxxxxxx wrote: > hi > > I recently switched to a new laptop and therefore I copied all my > wifi-configuration files (/etc/netctl) to the new one. Too bad that the > wifi interface has changed (thanks to sysctl) and I wrote a small bash > script, which should change the `interface` variable. By the way the > script doesn't work very well, but I place it in the same folder with > all the wifi-configuration files (/etc/netctl/) and I noticed that the > tool `wifi-menu` is executing my script. I don't think this is a big > vulnerability nor a bug, but if an attacker has the opportunity to place > a bash file there, the system could be damaged by simple executing > `wifi-menu`. Yes I know that the folder is not world / user writeable, > but maybe some thoughts from the archlinux community? > > The reason for executing is sourceing all the files in /etc/netctl, > maybe this could be improved by using eval and grep, see [1] > > Cheers > Christian Homeyer > H8H > > [1] https://bbs.archlinux.org/viewtopic.php?id=85726 Same thing could be said for /etc/profile.d/, /etc/X11/xinit/xinitrc.d, and various other places. Permissions are there for a reason. Doug
