On Wednesday, May 2, 2018 3:46:34 PM CEST Stephen Gallagher wrote:
> On Wed, May 2, 2018 at 6:44 AM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote:
> > On 2.5.2018 15:30, Stephen Gallagher wrote:
> > > > Does anyone see a reason not to prioritize ~/.local/bin over
> > > > /usr/bin?
> > >
> > > Yes, if a user's account is compromised (or any service running as
> > > them), it's REALLY easy to drop faked tools into a user-private
> > > directory and override critical system tools (like replacing 'bash' with
> > > a keylogger).
> >
> > If a user's account is compromised, the user's PATH can be changed. IMHO the
> > provided argument is not valid.
>
> There are a lot of ways where their account can be compromised without
> having complete session access. If they're running a web-connected
> application as their user, that application could be compromised to write a
> file to disk. If that file can now supersede the system copy, they have now
> escalated the degree of the compromise.

You have two choices:

1. Either you allow users to easily install software to their home
   directory. If their user account is compromised, an attacker can install
   some software they do not want to install, but it still affects their
   user account only.

2. You do not allow users to easily install software to their home
   directory. In that case, they will install questionable software using
   sudo, which gives it root privileges and affects all other users on the
   system (and possibly other systems reachable through a trusted network).

Which of those choices is more secure?

Kamil

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
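The hijack Stephen describes (a process running as the user drops a fake `bash` into `~/.local/bin`, and because that directory precedes `/usr/bin` in PATH the fake wins) is something a practitioner can audit for directly. The following POSIX shell script is an added example and is not part of the thread or of Fedora's own tooling: `path_shadows` walks a PATH string in order and, for every directory that the current user can write to and that is not in a trusted system list, reports each executable whose name also exists in a later PATH entry. The function names (`path_entries`, `is_trusted`, `path_shadows`, `make_demo_layout`), the default trusted list, and the throwaway directory tree it builds for the demonstration are all assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): find executables in user-writable PATH
# directories that shadow a same-named executable further down PATH.

# Print a PATH string one entry per line. An empty entry means "." (cwd),
# which is the classic user-writable PATH entry and is reported as such.
path_entries() {
    printf '%s\n' "$1" | tr ':' '\n' | sed 's/^$/./'
}

# Return 0 if directory $1 is in the colon-separated trusted list $2.
is_trusted() {
    case ":$2:" in *":$1:"*) return 0 ;; esac
    return 1
}

# path_shadows PATH [TRUSTED]
# For every PATH entry that the current user can write to and that is not in
# TRUSTED (assumed default: the usual system directories), print one line per
# executable whose name also exists in a later PATH entry:
#   <name> <shadowing path> <shadowed path>
# The shadowed path is what the user would have run with the safer order.
path_shadows() {
    _path=$1
    _trusted=${2:-/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin}
    _idx=0
    path_entries "$_path" | while IFS= read -r _dir; do
        _idx=$((_idx + 1))
        is_trusted "$_dir" "$_trusted" && continue
        # Only a directory the user (or a process running as the user) can
        # write to is a hijack vector; skip everything else.
        [ -d "$_dir" ] && [ -w "$_dir" ] || continue
        for _f in "$_dir"/*; do
            [ -f "$_f" ] && [ -x "$_f" ] || continue
            _name=${_f##*/}
            # First later PATH entry that carries the same name.
            path_entries "$_path" | tail -n +$((_idx + 1)) | while IFS= read -r _later; do
                if [ -f "$_later/$_name" ] && [ -x "$_later/$_name" ]; then
                    printf '%s %s %s\n' "$_name" "$_f" "$_later/$_name"
                    break
                fi
            done
        done
    done
}

# Constructed demo layout (an assumption, not a real system): a fake "system"
# bash, a user-private bash standing in for the keylogger from the thread,
# and a harmless user-private tool. Prints the root of the layout.
make_demo_layout() {
    _root=$(mktemp -d)
    mkdir -p "$_root/home/.local/bin" "$_root/usr/bin"
    printf '#!/bin/sh\necho real bash\n' > "$_root/usr/bin/bash"
    printf '#!/bin/sh\necho keylogger\n' > "$_root/home/.local/bin/bash"
    printf '#!/bin/sh\necho my tool\n' > "$_root/home/.local/bin/mytool"
    chmod +x "$_root/usr/bin/bash" "$_root/home/.local/bin/bash" \
             "$_root/home/.local/bin/mytool"
    printf '%s\n' "$_root"
}

demo_root=$(make_demo_layout)
echo "== ~/.local/bin before /usr/bin (the proposed order) =="
path_shadows "$demo_root/home/.local/bin:$demo_root/usr/bin" "$demo_root/usr/bin"
echo "== /usr/bin before ~/.local/bin (the current order) =="
path_shadows "$demo_root/usr/bin:$demo_root/home/.local/bin" "$demo_root/usr/bin"
rm -rf "$demo_root"
```

With the proposed order the script reports `bash` in `~/.local/bin` shadowing the system copy; with the current order it reports nothing, because the user-writable directory comes last and can only add names, not replace them. Running `path_shadows "$PATH"` with no second argument audits the live environment against the default trusted list; note that as root `[ -w ]` is true for every directory, so the trusted list, not writability, is what keeps system directories out of the report in that case.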