Hi Bruno,

On Tue, Oct 22, 2013 at 08:24:56PM +0200, Bruno Kleinert wrote:
[..]
> Hi Stefan,
> 
> I suggest using absolute paths everywhere, not just because of
> incompatibility reasons of fauhdlc versions. If a user has a broken PATH
> variable (for whatever reason), the binary might not be found at all.

That's caught by the error check at the start of the script; however, the
output may not be visible when executing from the icon...

> The second reason is security: If PATH is used to search for a
> particular binary, a malicious binary might be executed, if PATH points
> to a directory to which an attacker has write permissions.

OTOH not using an absolute PATH gives the advantage to override a binary by
a local version just by changing PATH appropriately.

I'm a little bit unsure if this is a real security problem to possibly
execute anything: To do this, the attacker must already have gained
control over $PATH (e.g. of the user account). Can the attacker really
gain more privileges then? (Not talking about setuid binaries, of course).

Actually, you made me think about not just the fauhdlc call there, but
all the other scripts like sed, touch, zenity etc.

I guess calls that are contained in the package (e.g. the call to faum-node-pc)
and calls that are closely related (i.e. fauhdlc) are good to be with an
absolute path to ensure that the right (as in compatible) binary is always
preferred. The remainder may rely on $PATH.

But I'll think about that again ;). I assume I'll see you on Friday at Inf3?
Then we can discuss this matter further.

> How about uploading a fixed version in the meantime, if the next
> FAUMachine release might take some more time?

Probably a good idea. I'll try to find some time on the weekend to sort it out.

Cheers,
  Stefan.
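
The question raised in this thread, whether a $PATH lookup can pick up a binary from a directory someone else can write to, can be checked per command. The following is an added example, not part of the original mail or of the FAUmachine package; the function names `dir_risk` and `risky_entries` are hypothetical, and the command names in the final loop are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example: list unsafe directories that are searched before (or that
# supply) a command a launcher script resolves through $PATH.

# dir_risk DIR -> prints a reason if DIR is unsafe as a PATH entry, else nothing.
dir_risk() {
    case $1 in
        ''|.) echo "current directory"; return ;;
        /*) ;;
        *) echo "relative path"; return ;;
    esac
    # -H follows a symlinked entry (e.g. /bin -> usr/bin); -prune stays at DIR.
    if [ -n "$(find -H "$1" -prune -perm -0002 2>/dev/null)" ]; then
        echo "world-writable"
    elif [ -n "$(find -H "$1" -prune -perm -0020 2>/dev/null)" ]; then
        echo "group-writable"
    fi
}

# risky_entries CMD [PATHSTRING] -> one "DIR: reason" line for every unsafe
# directory searched up to and including the one that supplies CMD
# (the whole search path if CMD is not found at all).
risky_entries() {
    cmd=$1 searchpath=${2-$PATH}
    case $searchpath in *:) searchpath=$searchpath. ;; esac  # trailing ':' = cwd
    old_ifs=$IFS; IFS=:; set -f
    for dir in $searchpath; do
        reason=$(dir_risk "$dir")
        [ -z "$reason" ] || echo "${dir:-.}: $reason"
        # Stop at the first directory that really provides the command.
        if [ -f "${dir:-.}/$cmd" ] && [ -x "${dir:-.}/$cmd" ]; then break; fi
    done
    IFS=$old_ifs; set +f
}

# Commands named in the thread; output depends on the local $PATH.
for c in fauhdlc faum-node-pc sed touch zenity; do
    risky_entries "$c" | sed "s|^|$c: |"
done
```

An empty result for a command means every directory searched before it, and the one it comes from, is writable only by its owner.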
