On Fri, Jun 15, 2018 at 12:55 PM, Till Maas <opensource@xxxxxxxxx> wrote:

> So the assumption is to have a super sophisticated browser exploit for which
> an attacker most likely spent several days to find it and then the PATH
> setting will make it so much harder that the exploit will not succeed? There
> are a lot more real challenges that attackers have to face.

No "browser" sophistication is necessary. The replacement of default system
utilities by anyone who writes into that private but semi-concealed
$HOME/.local/bin/, which is notably less apparent than $HOME/bin, can
introduce a trojaned binary that can even erase itself after a single abusive
attempt against the user. This includes all the system binaries in /usr/bin
and /bin/, since they are now *ahead* of the default $PATH.

>> If I was writing malware, I would be much happier with just being able
>> to drop a file in ~/bin or ~/.local/bin than doing the research on where
>> PATH is actually being set, and then getting the `sed` right, and all
>> that **without** being immediately discovered (eg. because I broke the
>> syntax or caused error).
>
> If the attacker can already call sed, then they do not need to drop a
> binary. Also they do not need to research where PATH is actually set.

To be less apparent about their work, yes, they do. It's much easier to
climb in the open back door than bother picking a lock, even if you know
how to pick locks or the lock isn't very good.

> The initial theory in this thread was that it is a significant security
> risk. And all the arguments for this are either "it's obvious" or are based
> on arbitrarily constructed scenarios. If you are saying it just makes a
> minor impact, then we do not need to discuss further because this is good
> enough for me.

No, you just keep claiming to have discredited them.
I think you're seriously outvoted on this one, especially since the "put
$HOME/.local/bin first by default" is *exactly* what you, personally, can
do on a case by case basis if it's *really* needed by an individual. Since
"manipulating .bashrc is so trivial", let the people who need a
non-standard PATH set up their own and take their own risks.

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/2VQSL3446RGUEXJJWM6YW2LZ7KK5ITOZ/
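The risk argued above is that a user-writable directory such as $HOME/.local/bin, placed ahead of /usr/bin and /bin in $PATH, lets a dropped file silently replace a system utility. The following is an added example, not code from the thread or from Fedora: a POSIX sh audit that walks a PATH value in order, takes every entry that precedes the first system directory, and reports any executable there that shadows a same-named executable further down the PATH. The function names, the sample directory tree it builds under a temporary directory, and the fake "ls" it plants there are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): detect PATH entries that
# precede the system directories and contain executables shadowing a
# same-named system utility. Directory names below are constructed.

# path_shadow_audit PATHVALUE SYSDIRS
#   PATHVALUE: a ':'-separated search path to inspect
#   SYSDIRS:   ':'-separated list of directories considered "system" dirs
# Prints one line per finding: "<name> <shadowing_dir> <shadowed_dir>".
# Returns 1 if anything was shadowed, 0 otherwise. Entries containing
# whitespace are not handled (word splitting is used for portability).
path_shadow_audit() {
    pathval=$1
    sysdirs=$2
    found=0
    # PATH entries that come before the first system directory.
    early=$(printf '%s\n' "$pathval" | tr ':' '\n' | awk -v sys=":$sysdirs:" '
        index(sys, ":" $0 ":") { exit }
        { print }')
    for d in $early; do
        [ -d "$d" ] || continue
        for f in "$d"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            # Every PATH entry after $d: does the same name resolve there?
            later=$(printf '%s\n' "$pathval" | tr ':' '\n' | awk -v stop="$d" '
                $0 == stop { seen = 1; next } seen { print }')
            for l in $later; do
                if [ -f "$l/$name" ] && [ -x "$l/$name" ]; then
                    printf '%s %s %s\n' "$name" "$d" "$l"
                    found=1
                    break
                fi
            done
        done
    done
    return $found
}

# demo_shadow_audit: build a constructed tree in a temp dir, plant a fake
# "ls" in the user bin dir ahead of a "real" one, run the audit, and print
# the findings with the temp prefix stripped so the output is stable.
demo_shadow_audit() {
    root=$(mktemp -d)
    mkdir -p "$root/home/.local/bin" "$root/usr/bin" "$root/bin"
    # Constructed: a trojaned "ls" plus a harmless user script.
    printf '#!/bin/sh\nexit 0\n' > "$root/home/.local/bin/ls"
    printf '#!/bin/sh\nexit 0\n' > "$root/home/.local/bin/mytool"
    printf '#!/bin/sh\nexit 0\n' > "$root/usr/bin/ls"
    chmod 755 "$root/home/.local/bin/ls" "$root/home/.local/bin/mytool" \
              "$root/usr/bin/ls"
    path_shadow_audit "$root/home/.local/bin:$root/usr/bin:$root/bin" \
                      "$root/usr/bin:$root/bin" | sed "s|$root||g"
    rm -rf "$root"
}
```

On a live system the call would be `path_shadow_audit "$PATH" "/usr/bin:/bin:/usr/sbin:/sbin"`; a non-empty result means a command name typed at the prompt no longer resolves to the packaged binary. Only "mytool" is left alone by the audit because nothing later in the PATH carries that name; the planted "ls" is reported together with the directory it displaces.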