Lennart Poettering wrote:
> CVE-2014-9680, CVE-2014-0106, CVE-2010-3853, CVE-2010-1646,
> CVE-2008-3825, CVE-2006-0151, CVE-2005-4158, CVE-2005-3629,
> CVE-2005-2959, CVE-2004-1051, CVE-2002-0043, …
> 
> These are all env var cleanup issues in su/sudo context.

And the environment variable cleanup (which is uncontestably necessary for 
security (*)) also comes with collateral damage that makes it a bad idea to 
run monolithic GUI programs under such tools, see, e.g.:
https://bugzilla.redhat.com/show_bug.cgi?id=1171779

(*) Now, arguably, the default configuration of pkexec actually does *not*
    need the cleanup because it does not allow unprivileged users to run
    only selected commands, but both sudo and pkexec can be configured to
    allow that, and then you need to prevent the invoker from getting
    arbitrary code execution through environment variable hacks.

(Of course, D-Bus-activating those GUI programs will not work either. They 
need to be split into unprivileged GUI and privileged helper(s).)

        Kevin Kofler
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
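
The cleanup discussed in this message, as an added example (not code from sudo, pkexec, or the thread): a privileged helper builds the child's environment from an allowlist instead of inheriting the invoker's. The allowlist, the fixed values, the value check and the sample environment are all constructed for illustration; note that session variables a GUI program may rely on are dropped together with the loader variables.

```c
#include <string.h>

#define N(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed allowlist for a hypothetical helper, not sudo's or pkexec's list. */
static const char *const KEEP[] = { "LANG", "LC_ALL", "TERM" };
/* Values the helper sets itself rather than inheriting from the invoker. */
static const char *const FIXED[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", "HOME=/root" };
/* Constructed invoker environment: loader and GUI session variables, duplicates. */
const char *const SAMPLE_ENV[] = {
    "LD_PRELOAD=/tmp/x.so", "PATH=/tmp/bin:/usr/bin", "LANG=en_US.UTF-8",
    "DISPLAY=:0", "XAUTHORITY=/home/u/.Xauthority", "TERM=xterm",
    "LANG=../../tmp/x", "LC_ALL=C", "LC_ALL=de_DE.UTF-8", "=broken", NULL
};

/* Length of NAME if entry is "NAME=value" with an allowlisted NAME and a value
 * free of '/' and '%' (a conservative rule chosen for this example); else 0. */
static size_t keep_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t nlen = eq ? (size_t)(eq - entry) : 0;
    for (size_t i = 0; nlen && i < N(KEEP); i++)
        if (strlen(KEEP[i]) == nlen && strncmp(entry, KEEP[i], nlen) == 0)
            return strpbrk(eq + 1, "/%") ? 0 : nlen;
    return 0;
}

/* Fill out[] (capacity cap) with FIXED plus the first allowlisted copy of each
 * name from in[], NULL-terminated. Returns the entry count, or -1 if too small. */
int build_clean_env(const char *const in[], const char *out[], size_t cap)
{
    size_t n = 0, nlen, j;
    for (size_t i = 0; i < N(FIXED); i++) {
        if (n + 1 >= cap) return -1;
        out[n++] = FIXED[i];
    }
    for (size_t i = 0; in[i] != NULL; i++) {
        if ((nlen = keep_len(in[i])) == 0) continue;
        for (j = 0; j < n; j++)          /* duplicate names: first one wins */
            if (strncmp(out[j], in[i], nlen + 1) == 0) break;
        if (j < n) continue;
        if (n + 1 >= cap) return -1;
        out[n++] = in[i];
    }
    out[n] = NULL;
    return (int)n;
}
```

The resulting array is meant to be passed as the `envp` argument of `execve()`, so the child never sees the invoker's original environment.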