On 06/12/2018 07:50 AM, Nico Kadel-Garcia wrote: > On Tue, Jun 12, 2018 at 7:10 AM, Tomasz Kłoczko > <kloczko.tomasz@xxxxxxxxx> wrote: > >> Just FTR: So far I was unable to find in any of the fredesktop.org or >> other specs (https://www.freedesktop.org/wiki/Software/) things like >> requirement use /usr/local{bi,sbin} or ~.local/bin in $PATH (and >> especially on the front of thes env variable). I would be really glad >> to find original reason why paths like /usr/local{bi,sbin} have been >> added to OOTB $PATH and why someone has been thinking that those paths >> should be added on the front of the $PATH. > Most of them aren't worried enough about it, or don't have enough > history to see underlying problems. Most think, and I'm pretty sure of > this, that you've gotten the security explanations done repeatedly and > seem to have ignored them. They're certainly not actually spelled out > in your analysis. > > The simple fact is that "sudo" inherits $HOME and $PATH by default. > Your proposed change would make privilege escalation attacks against > sudo users much more trivial by opening up the attack surface for > every binary in /bin or /usr/bin to be replaced by a local binary in > ~/.local/bin/. The situation you're trying to resolve, where a > powerful binary has intermingled components that may or not be matched > by system components, has been resolved repeatedly by tools like rvm > and pyvenv, by setting up a specific directory *not* enabled by > default, but making setup for that less default enabled tool easy for > the user to enable on a case by case basis. > > So, the risk of your change is high for others, the consequences are > potentially *disastrous*, and you've already got workarounds for your > particular needs *without* touching other system behavior If you > really want it for youself as a user, which I do not recommend for > such a tool, well, you can insist on doing it for your own individual > needs on a case by case basis. > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/QHIKORMDVMA4JNRKYLO2M7LLLAY25R3U/ `sudo` inheriting the user's path is a security issue, in itself. Also note that Fedora's default sudo config does not allow $PATH inheritance, anyway. See sudo(8), section "ENVIRONMENT": PATH May be overridden by the security policy. kmarek@localhost.localdomain ~ $ sh -c 'echo $PATH' /usr/libexec/python3-sphinx:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/home/kmarek/.local/bin:/home/kmarek/bin kmarek@localhost.localdomain ~ $ sudo sh -c 'echo $PATH' /sbin:/bin:/usr/sbin:/usr/bin kmarek@localhost.localdomain ~ $ env PATH=/nonexistent /usr/bin/sudo env | grep ^PATH= PATH=/sbin:/bin:/usr/sbin:/usr/bin _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/NYKLV7AGO5OXLAWUSLYMNADJN5FITQM6/
