Re: Prioritizing ~/.local/bin over /usr/bin on the PATH


 



On 12.6.2018 13:50, Nico Kadel-Garcia wrote:
On Tue, Jun 12, 2018 at 7:10 AM, Tomasz Kłoczko
<kloczko.tomasz@xxxxxxxxx> wrote:

Just FTR: So far I was unable to find in any of the freedesktop.org or
other specs (https://www.freedesktop.org/wiki/Software/) things like
a requirement to use /usr/local/{bin,sbin} or ~/.local/bin in $PATH (and
especially on the front of this env variable). I would be really glad
to find the original reason why paths like /usr/local/{bin,sbin} have been
added to OOTB $PATH and why someone has been thinking that those paths
should be added on the front of the $PATH.

Most of them aren't worried enough about it, or don't have enough
history to see underlying problems. Most think, and I'm pretty sure of
this, that you've gotten the security explanations done repeatedly and
seem to have ignored them. They're certainly not actually spelled out
in your analysis.

The simple fact is that "sudo" inherits $HOME and $PATH by default.
Your proposed change would make privilege escalation attacks against
sudo users much more trivial by opening up the attack surface for
every binary in /bin or /usr/bin to be replaced by a local binary in
~/.local/bin/. The situation you're trying to resolve, where a
powerful binary has intermingled components that may or may not be matched
by system components, has been resolved repeatedly by tools like rvm
and pyvenv, by setting up a specific directory *not* enabled by
default, but making setup for that less default enabled tool easy for
the user to enable on a case by case basis.

So, the risk of your change is high for others, the consequences are
potentially *disastrous*, and you've already got workarounds for your
particular needs *without* touching other system behavior. If you
really want it for yourself as a user, which I do not recommend for
such a tool, well, you can insist on doing it for your own individual
needs on a case by case basis.

If somebody can write to your $HOME, they can change your $PATH. Hence the disaster is already happening and this change doesn't make it any more insecure than it already is.

Please read https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/thread/OXXC5NOZP37W2F6GHV6P5E6K22QHOBNJ/ - this has already been discussed there.

--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/4FQJUIWIGHQJM5VFZO2E6IPFI45R2Z4U/
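
As an added illustration of the lookup-order concern debated in this thread (not code from any of the posters or from Fedora), the following POSIX shell function lists commands in PATH directories under a given home directory that would run in place of a same-named command from a later system directory. The function name `path_shadows` and its tab-separated output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report commands under HOME_DIR that win PATH lookup over a
# same-named command in a system directory.
# Usage: path_shadows PATH_STRING HOME_DIR   e.g. path_shadows "$PATH" "$HOME"
# Output: name<TAB>user copy that runs<TAB>first system copy it hides
path_shadows() (
    home=${2%/}
    tab=$(printf '\t')
    nl='
'
    sys_seen="/"   # names already provided by a system dir, stored as /a/b/c/
    wins=$nl       # "name<TAB>path" lines: names whose first hit is under $home
    # Split PATH on ':' only, with globbing off so entries are taken literally.
    IFS=:; set -f; set -- $1; set +f; unset IFS
    for dir in "$@"; do
        [ -n "$dir" ] || dir=.    # an empty PATH entry means the current directory
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            # A name already found in an earlier system dir can no longer be hidden.
            case $sys_seen in *"/$name/"*) continue ;; esac
            case "$dir/" in
            "$home"/*)
                # User-controlled directory: remember the first copy only.
                case $wins in *"$nl$name$tab"*) continue ;; esac
                wins="$wins$name$tab$f$nl" ;;
            *)
                sys_seen="$sys_seen$name/"
                case $wins in
                *"$nl$name$tab"*)
                    rest=${wins#*"$nl$name$tab"}
                    winner=${rest%%"$nl"*}
                    printf '%s\t%s\t%s\n' "$name" "$winner" "$f" ;;
                esac ;;
            esac
        done
    done
)
```

An empty result means no command under the home directory currently takes precedence over a system command for that PATH ordering.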



