10-30-2007
Moe Trin
 
Re: Secure $PATH for regular user

On Tue, 30 Oct 2007, in the Usenet newsgroup comp.os.linux.security, in article
<1193750234.632859.264120@19g2000hsx.googlegroups.com>, Nico wrote:

NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.

>Under most Linux systems I've seen, there's a widget in /etc/profile
>that *provides* /sbin and /usr/sbin for the root user, and does not
>do so for non-root users.
/etc/profile is a configuration file, and I've never noticed it being
standardized across distributions. /etc/profile is sourced when a
Bourne style shell is a "login" shell, but (with few exceptions such
as the new release of Mandriva) /etc/profile is not sourced in a GUI
login. In text based logins (that use /bin/login), the PATH is often
initially set by /bin/login, while a typical GUI sets the PATH in the
login manager:

[selene ~]# strings /bin/login | grep bin:
/usr/local/bin:/bin:/usr/bin
/sbin:/bin:/usr/sbin:/usr/bin
[selene ~]# strings /usr/X11R6/bin/xdm | grep bin:
/sbin:/usr/sbin:/bin:/usr/bin
/usr/local/bin:/bin:/usr/bin
[selene ~]#

The startup scripts for the login shell may then be used to replace
or alter the PATH (recall there are individuals who use a C shell
such as /bin/tcsh and friends - none of which know about /etc/profile).

>This is irritating if you use sudo to run things as root, since
>programs from the sbin directories are not in the PATH as expected.
Minor quibble - policy at every place I've seen sudo used was to
train the sudoers to ALWAYS run the commands with full PATHname,
even if the desired binary is in the user's PATH. Admittedly, the
documentation that comes with sudo doesn't stress this elementary
precaution. Untrained users (the typical 'home' user) often don't
understand this - but then, they also lack a lot of basic security
concepts as well.

>Now, the "." and the "~/bin" directories, *those* do not belong in
>the default PATH.
The dot (".") in the PATH (or ending the PATH with a colon ":" which
has the same effect) I can agree should not be in the PATH. Why do
you feel that the individual user's home/bin directory should not be
in the PATH. What exploit are you assuming is possible due to this?
Most sane setups do not have that directory writable by other than
the owner, and placing nasties there requires the same elevated
permissions that are needed to replace system binaries in /bin/ or
similar. Hence, if they can screw up the users ~/bin, they can also
screw the entire system. What's the point?

Old guy