On Sun, Jan 07, 2024 at 04:58:23AM +0100, Kevin Kofler via devel wrote: > Kevin Kofler via devel wrote: > > Aoife Moloney wrote: > >> == Summary == > >> The `/usr/sbin` directory becomes a symlink to `bin`, which means > >> paths like `/usr/bin/foo` and `/usr/sbin/foo` point to the same place. > >> `/bin` and `/sbin` are already symlinks to `/usr/bin` and `/usr/sbin`, > >> so effectively `/bin/foo` and `/sbin/foo` also point to the same > >> place. `/usr/sbin` will be removed from the default `$PATH`. > > > > I am against this because it breaks my kannolo-root-unlocker package: > > https://svn.calcforge.org/viewvc/kannolo/trunk/packages/kannolo-root-unlocker/kannolo-root-unlocker.spec?revision=270&view=markup > > > > I do not want to patch/overwrite the binaries in /usr/bin (because it will > > make the RPM verify fail, and also historically because it breaks > > deltarpms, though AIUI we do not support those anymore anyway), so I put > > the ones patched to accept running as root into /usr/sbin, which is > > conveniently before /usr/bin in root's PATH. This change breaks that. > > > > If this is implemented, I will have to change the kannolo-root-unlocker to > > patch the binaries in place. But people who have the old version of > > kannolo- root-unlocker installed may end up with corrupt binaries, because > > the scriptlets of course do not expect %{_bindir} and %{_sbindir} to be > > the same or symlinks to the same. (They are different macros for a > > reason.) > > Note that I already thought of using /usr/local/bin, in fact this was my > first attempt, but that does not work because kdesu does not search in > /usr/local/bin, and the KDE SIG also refused to fix that. It really sounds like something to fix in kdesu. Stripping directories out of $PATH is a not-thought-through security theater. Essentially, by the time we get to kdesu, the system already went through the full boot processes, including the whole graphical session, so if there's an attacker who managed to put a rogue binary in /usr/local/bin or /usr/local/sbin which are in the system $PATH, the game is looooong over. (Or in other words, if you can put a rogue binary there and execute code as root as various points in the boot process, easily and undectably, why would you wait until a human user happens to execute kdesu??.) Zbyszek -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
