On Wed, May 02, 2018 at 01:46:34PM +0000, Stephen Gallagher wrote: > On Wed, May 2, 2018 at 6:44 AM Miro Hrončok <mhron...@redhat.com> wrote: > > > On 2.5.2018 15:30, Stephen Gallagher wrote: > > > Does anyone see a reason not to prioritize ~/.local/bin over > > /usr/bin? > > > > > > > > > Yes, if a user's account is compromised (or any service running as > > > them), it's REALLY easy to drop faked tools into a user-private > > > directory and override critical system tools (like replacing 'bash' with > > > a keylogger). > > > > If user's account is compromised, user's PATH can be changed. IMHO the > > provided argument is not valid. > > > > > > There are a lot of ways where their account can be compromised without > having complete session access. If they're running a web-connected > application as their user, that application could be compromised to write a > file to disk. If that file can now supersede the system copy, they have now > escalated the degree of the compromise.
If they can write a file to disk, they can just replace $HOME/.bashrc to set $PATH or any number of other things that can escalate to the same degree. You either need MAC or some kind of ocontainer based solution for the user's apps to prevent a compromised app escalating to own the entire session. $PATH ordering offers no meaningful protection. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
