cjwatson at ubuntu.com
Thu Dec 19 02:37:43 UTC 2013
On Tue, Dec 17, 2013 at 01:41:24PM -0500, Rashkae wrote:
> On 13-12-17 01:21 PM, Colin Watson wrote:
> >On Mon, Dec 16, 2013 at 08:09:14PM -0500, Rashkae wrote:
> >>That's a very good catch. My system also has the home bin
> >>directories at the start of my PATH, something I never even though
> >>to check!
> >>Yes, it's true that this poses a security risk.
> >No, it really doesn't. That directory is only writable by your user, so
> >anyone who can write to that directory can also control your user in
> >myriad other ways; for example they could use the exact same access to
> >modify ~/.bashrc. If they have this access, they're already inside the
> >security boundary you're trying to defend.
> I already explained the attack method in the e-mail, which you
> convenient cut out in you're reply, rather than address it.
I did address it; I just didn't feel it necessary to overquote. Your
"attack vector" is in effect identical to many other ways you can use
the ability to write to the filesystem using a user's filesystem
privileges to attack that user, such as the ~/.bashrc method I noted.
You cannot defend a security boundary that simply does not exist in any
Colin Watson [cjwatson at ubuntu.com]
More information about the ubuntu-users