On Mon, 19 Jun 2017, The Wanderer wrote:
> On 2017-06-19 at 11:59, Henrique de Moraes Holschuh wrote:
> > On Mon, 19 Jun 2017, Greg Wooledge wrote:
> >> You appear to be claiming that putting ~/bin in PATH is somehow
> >> inherently unsafe. I don't agree. Under what conditions would
> >> this result in any kind of privilege escalation?
> >
> > The OP was complaining that ~/bin was being *prepended* to PATH,
> > instead of appended.
> >
> > When you prepend ~/bin to PATH, it allows one to have a shell script
> > such as ~/bin/sudo that will be run instead of the system's sudo.
> > Then, some use of social engineering might get an admin or some other
> > user to type in a password to run a command using su or sudo.
> >
> > That said, no, it is not usually considered a security
> > vulnerability, because NOT using the full path to run commands such
> > as "su" and "sudo" in the first place IS considered gross
> > negligence.
> >
> > So, train your fingers! There is no "su", it *is* /bin/su. And
> > there is no "sudo", it *is* /usr/bin/sudo. Never trust aliases,
> > PATH, or anything of the like for this stuff.
>
> Wouldn't that seem to be an argument against installing the real su,
> sudo, and so forth, _anywhere_ in $PATH? If running them in any other
> way than with the full explicit path is such bad security practice, then
> why do we install them in such a way as to facilitate doing so?
It would. I don't know of anyone that does that, though, because it is
too painful to be worth it. The fact is, if we remove them, we will get
a lot of complaints, and it will break someone's scripts for sure (note:
if these scripts set PATH to something trusted, they're *not* unsafe).

Besides, it is valid for anything that will ask for passwords or
sensitive data. One also has to pay attention to not ever "help the
logged-in user" under a terminal tap, rogue screen/tmux session,
"script", etc...

-- 
Henrique Holschuh
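The thread's point is that a user-writable directory placed *before* the system directories in PATH lets a same-named script shadow /bin/su or /usr/bin/sudo. The script below is an added example written for this page; it is not code from the thread or from any Debian package. It audits a PATH string for writable directories that precede the first standard system directory, and reports where a given command name would actually resolve along that PATH. The function names (path_shadow_risk, first_match, audit_current_path) and the choice of /bin, /usr/bin, /sbin and /usr/sbin as the "trusted" stop set are my own assumptions, chosen to match the paths the thread names for su and sudo.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PATH string for the
# prepend-~/bin hazard discussed above.

# path_shadow_risk PATH_STRING
#   Prints every directory that (a) comes before the first standard
#   system directory in PATH_STRING and (b) is writable by the current
#   user. Returns 1 if any such directory exists, 0 otherwise.
#   Assumption: /bin, /usr/bin, /sbin, /usr/sbin are where su/sudo live,
#   so anything listed after them cannot shadow those two commands.
path_shadow_risk() {
    _path=$1
    _found=0
    _ifs=$IFS; IFS=:
    for _d in $_path; do
        case "$_d" in
            /bin|/usr/bin|/sbin|/usr/sbin) break ;;  # reached the system dirs; stop
        esac
        [ -z "$_d" ] && _d=.                         # empty entry means "."
        if [ -d "$_d" ] && [ -w "$_d" ]; then
            printf 'writable dir precedes system dirs: %s\n' "$_d"
            _found=1
        fi
    done
    IFS=$_ifs
    return $_found
}

# first_match NAME PATH_STRING
#   Prints the first executable NAME found by walking PATH_STRING left to
#   right, i.e. what a shell would run for a bare "NAME". Returns 1 if no
#   match exists.
first_match() {
    _name=$1
    _ifs=$IFS; IFS=:
    for _d in $2; do
        [ -z "$_d" ] && _d=.
        if [ -f "$_d/$_name" ] && [ -x "$_d/$_name" ]; then
            printf '%s\n' "$_d/$_name"
            IFS=$_ifs
            return 0
        fi
    done
    IFS=$_ifs
    return 1
}

# audit_current_path
#   Runs both checks against the caller's real PATH and shows where a bare
#   "su" or "sudo" would resolve. Run as an ordinary user: as root, every
#   directory is writable and the -w test is meaningless.
audit_current_path() {
    path_shadow_risk "$PATH"
    for _c in su sudo; do
        _hit=$(first_match "$_c" "$PATH") || _hit='(not found)'
        printf '%s resolves to: %s\n' "$_c" "$_hit"
    done
}
```

Calling audit_current_path in an interactive shell shows, in one glance, whether the fix the thread recommends (appending ~/bin instead of prepending it, and typing /bin/su and /usr/bin/sudo by full path) is actually in effect for that login.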