On 30.10.2013 18:59, Miloslav Trmač wrote:
> On Wed, Oct 30, 2013 at 10:23 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>>> If I can write to files you own, it doesn't matter if there's a
>>> directory in the PATH or not. I can write this to your .bash_profile:
>>>
>>> /bin/mkdir $HOME/.bin 2> /dev/null
>>> echo 'echo "i could rm -rf ~/ here"' > $HOME/.bin/mkdir
>>> chmod +x $HOME/.bin/mkdir
>>> PATH=$HOME/.bin:$PATH
>>
>> you can do this and that - but that's no valid argumentation for
>> doing bad things in default setups and *at least* do not
>> place *hidden* directories there, there is a good reason why
>> software like rkhunter alerts if you have hidden directories
>> somewhere in /usr/bin/
>>
>> there are three types of users
>>
>> * people who care about security and know that there are
>>   enough rough edges but are smart enough to take this *not
>>   as excuse* to create new ones
>
> That's not how security works. To get actual security, you want the
> design to make a _precise_ promise, and then implement it _100%
> correctly_. Not with "rough edges"; compose three implementations
> with "rough edges" and the result gives you no security promise.
no *that is* how security works
100% security is simply impossible

> In this case, the security promise needs to be "the attacker can't
> write to arbitrary files in your home directory"

which is not possible at all, any application running with your user
can write in your home directory and any security relevant bug in that
application may result in changes

__________________________

even if my English is not perfect I try to explain some basics now

the only remaining question is the impact of these possible changes

* have one writeable place for executables
  -> the attack needs to try exactly this
* have three writeable places for executables
  -> the attack needs one out of three

and no, you can't imagine an attack like "hey I have a shell now and try
around where I can compromise your setup" - in most cases after a buffer
overflow and such things you have *one* chance to execute your code
before the application crashes
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
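The thread argues about how many user-writable (and hidden) directories a PATH should tolerate. The following audit script is an added example written for this archive page, not code from either participant or from Fedora: it walks a PATH-style list and flags the entries that matter in this argument (hidden directories, user-writable directories, relative or empty entries, and missing entries whose parent is writable so anyone running as the user could create them). The temporary layout in `demo_audit` is constructed for the demonstration.

```shell
#!/bin/sh
# Added example for this thread (not from the original mail): audit a
# PATH-style list for entries that let a user-level file write become
# command hijacking. Findings go to stderr; the number of risky entries
# is printed on stdout.

audit_path() {
    rest="$1:"; count=0
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"; rest="${rest#*:}"
        reason=""
        if [ -z "$entry" ] || [ "${entry#/}" = "$entry" ]; then
            reason="relative-or-empty"        # resolved against the cwd
        elif [ ! -d "$entry" ]; then
            # A missing entry is a free PATH slot for whoever can create it.
            [ -w "$(dirname "$entry")" ] && reason="missing-but-creatable"
        elif [ "$(id -u)" != 0 ] && [ -w "$entry" ]; then
            # Skipped for root, to whom every directory is writable anyway.
            reason="user-writable"
        fi
        # Hidden directories are what rkhunter-style checks alert on.
        case "$entry" in */.*) reason="${reason:+$reason,}hidden" ;; esac
        if [ -n "$reason" ]; then
            echo "RISK [$reason] $entry" >&2
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# Constructed demo layout mirroring the thread: a hidden writable ".bin",
# a read-only dir, a not-yet-existing dir, a system dir and a relative entry.
demo_audit() {
    tmp=$(mktemp -d)
    mkdir "$tmp/.bin"
    mkdir "$tmp/ro" && chmod 555 "$tmp/ro"
    audit_path "$tmp/.bin:$tmp/ro:$tmp/not-yet:/usr/bin:."
    rm -rf "$tmp"
}
```

Run `audit_path "$PATH"` against a live shell to see which entries a compromised user-level process could populate; `demo_audit` reports three risky entries out of five.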