On 13 June 2018 at 17:04, Till Maas <opensource@xxxxxxxxx> wrote:
> On Tue, Jun 12, 2018 at 08:43:06AM -0400, Matthew Miller wrote:
>> On Tue, Jun 12, 2018 at 07:50:29AM -0400, Nico Kadel-Garcia wrote:
>> > The simple fact is that "sudo" inherits $HOME and $PATH by default.
>>
>> Not in Fedora's default configuration. And, this proposal increases my
>> support for keeping that as it is (with secure_path set).
>
> I did not see a convincing argument or explanation why there is a
> critical security issue with sudo and this change, even when sudo would
> inherit $HOME and $PATH. Who is the attacker that can drop files only in
> $HOME/.local/bin or $HOME/bin, not in other directories, cannot
> append existing files and does not yet have elevated access on the
> system.
>

The usual culprit in the past has been where an attacker gets access via a chrooted or container environment where they only have access to a limited set of directories. A long time ago this was done via ftp and some other remote filesystems which were common in universities and thought safe by themselves. Or the attack would be done by controlling one host with root permissions and using NFS or some other global filesystems to put a trojan in one system and then getting the admin to execute it on a different system.

This was why it was a security finding for a long time in various checklists that user-controlled bin directories needed to be at the end of the path. It was also linked to the reason not to put . in the path.

> Kind regards
> Till
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/LJEJ3WYUA7UTU2HBRLG5MMDNNOPY5KKN/

--
Stephen J Smoogen.
_______________________________________________
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/GQFBASWQOYCGLPLEZ7UMXU7NN5FHPABS/
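
The checklist rule mentioned in the message above (user-controlled bin directories at the end of the path, no `.` in the path) can be checked mechanically; the following is an added example, not part of the original thread or of any Fedora tooling. The function names are hypothetical, and "trusted" is assumed to mean a directory owned by uid 0 and not group- or world-writable; only the directory itself is examined, not its parents.

```python
import os
import stat

def entry_risk(entry, trusted_uids=frozenset({0})):
    """Return why a PATH entry is user-controlled, or None if it looks trusted."""
    if entry in ("", "."):
        return "current directory"      # an empty entry also means the cwd
    if not os.path.isabs(entry):
        return "relative path"
    try:
        st = os.stat(entry)
    except OSError:
        return None                     # assumption: missing entries are skipped
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "group/world-writable"
    if st.st_uid not in trusted_uids:
        return "owned by uid %d" % st.st_uid
    return None

def audit_path(path, trusted_uids=frozenset({0})):
    """Return (position, entry, reason) findings for a PATH string.

    Current-directory and relative entries are reported wherever they appear;
    other user-controlled directories are reported only when a trusted
    directory is searched after them, i.e. when they are not at the end.
    """
    entries = path.split(os.pathsep)
    risks = [entry_risk(e, trusted_uids) for e in entries]
    trusted = [i for i, (e, r) in enumerate(zip(entries, risks))
               if r is None and os.path.isdir(e)]
    last_trusted = max(trusted, default=-1)
    findings = []
    for i, (e, r) in enumerate(zip(entries, risks)):
        if r is None:
            continue
        always = r in ("current directory", "relative path")
        if always or i < last_trusted:
            findings.append((i, e, r))
    return findings

if __name__ == "__main__":
    for pos, entry, reason in audit_path(os.environ.get("PATH", "")):
        print("PATH[%d] %r: %s" % (pos, entry, reason))
```

Run as the account being reviewed, it prints one line per PATH entry that would be searched before a root-owned directory.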