From mboxrd@z Thu Jan 1 00:00:00 1970
Mailing-List: contact zsh-users-help@sunsite.dk; run by ezmlm
X-Seq: 13491
Message-ID: <17393e3e0811251050p70bc48d1m75a6b0f9919a7d0b@mail.gmail.com>
Date: Tue, 25 Nov 2008 13:50:19 -0500
From: "Matt Wozniski"
To: zsh-users@sunsite.dk
Subject: Re: (OT?) Re: Zsh configuration files
References: <2d460de70811230730v1a79f3b3rd73a020f99b66f02@mail.gmail.com>

On Tue, Nov 25, 2008 at 1:26 PM, Benjamin R. Haskell wrote:
> On Tue, 25 Nov 2008, Allan Caffee wrote:
>
>> On Mon, Nov 24, 2008 at 5:33 PM, Benjamin R. Haskell wrote:
>>
>>> Long ago, I set some things up for easily sharing my Zsh startup scripts
>>> between various computers I use. I did most of this when I was still fairly
>>> new to Zsh, so some things might have easier/better ways to do them, but
>>> this is how I set mine up. Some features:
>>>
>>> 1. Automatically runs any files matching .zsh_* in my home dir, excluding
>>> vim swap files
>>>
>>> 2. For running as root, I can just link my normal-user .zshrc and .zshenv
>>> files, and it'll detect that they're linked, and use the .zsh_* files from
>>> my normal-user directory
>>
>> That sounds really dangerous. You're offering a hook for someone to
>> execute arbitrary code as root. If someone breaks your user account they
>> could for example add a file in your home directory that resets the root
>> password or does some other really mean things. If you want root to have
>> the same setup as your regular user you should put it somewhere that only
>> root can write.
>
> I was thinking about that as I posted to the list, and since you pointed it
> out, maybe I'll get some general feedback... (sorry if this is too
> off-topic)
>
> Like many users (I suspect), most of the systems I'm talking about here are
> essentially single-user systems. I log in under a normal user account, but
> the only reason not to log in as root is 'rm -rf /' protection. (i.e. so as
> to not cause unintentional damage.) On other systems, either:
>
> 1) I don't have root access, so this doesn't apply
>
> 2) The systems are properly secured (running/behind a firewall,
> non-essential services are off, passwords are strong, system is kept
> up-to-date, and I only ever log in to my normal account via SSH with keys)
> [modulo, of course, this discussion]
>
> Am I really setting myself up for badness via this automated .zsh_* stuff?

Yes. Automatically running code as root that can be written by a regular
user is a very bad idea.

> And even beyond those reasons... I always got the impression that someone
> capable of using exploit X to break into a normal user's account had a
> pretty low barrier to using exploit Y to elevate their privileges to root.
> Is that not generally the case? [i.e. a system is only as secure as its
> least secure user]

That's not really true at all. It's much harder to get root privileges with
a regular user account than to break into the system... and with a setup
like yours, you make it much, much easier for someone to run arbitrary code
as root and compromise the system entirely. The fact that extracting a
tarball in $HOME that contains a (hidden!) file named .zsh_* can cause a
script to be run as root that can do anything at all to the system is very,
very bad.

~Matt
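The check Allan Caffee asks for, as an added example that is not code from anyone in this thread: before a startup loop sources a `.zsh_*` fragment, make sure neither the file nor the directory holding it could have been written by a less-privileged account. It is written in POSIX sh so it runs under bash or dash; the function names (`is_safe_path`, `safe_to_source`, `list_loadable`, `load_fragments`) are my own. It trusts only the mode bits and numeric owner reported by `ls -ldn`, so it does not see POSIX ACLs, and it checks only the file's immediate directory, not every ancestor.

```shell
#!/bin/sh
# Added example, not code from the thread: refuse to source a startup
# fragment unless neither the file nor its directory could have been
# written by a less-privileged account.  Function names are my own.

# is_safe_path PATH
# Succeeds if PATH is not a symlink, is owned by the current user or by
# root, and has neither the group- nor the other-write bit set.
# Reads the mode string and numeric uid from `ls -ldn`; POSIX ACLs are
# not inspected.
is_safe_path() {
    p=$1
    [ -L "$p" ] && return 1                      # a symlink can be retargeted
    out=$(ls -ldn "$p" 2>/dev/null) || return 1
    set -- $out                                  # $1 = mode string, $3 = numeric uid
    perms=$1
    owner=$3
    me=$(id -u)
    [ "$owner" = "$me" ] || [ "$owner" = 0 ] || return 1
    case "$perms" in
        ?????w*|????????w*) return 1 ;;          # group write (pos 6) or other write (pos 9)
    esac
    return 0
}

# safe_to_source FILE
# FILE must be a regular file, and both FILE and the directory holding it
# must pass is_safe_path.  Only the immediate directory is checked, so keep
# the fragments directly under a directory the sourcing user owns.
safe_to_source() {
    sf=$1
    [ -f "$sf" ] || return 1
    is_safe_path "$(dirname "$sf")" && is_safe_path "$sf"
}

# list_loadable DIR
# Prints, one per line, the DIR/.zsh_* fragments that would be sourced:
# editor swap files are skipped and untrusted files are dropped.
list_loadable() {
    for cand in "$1"/.zsh_*; do
        [ -e "$cand" ] || continue               # glob matched nothing
        case "$cand" in *.swp|*.swo) continue ;; esac
        safe_to_source "$cand" && printf '%s\n' "$cand"
    done
    return 0
}

# load_fragments DIR
# The shape the .zshrc loop should take: same selection as list_loadable,
# but sources each trusted file in the current shell and reports the rest.
load_fragments() {
    for cand in "$1"/.zsh_*; do
        [ -e "$cand" ] || continue
        case "$cand" in *.swp|*.swo) continue ;; esac
        if safe_to_source "$cand"; then
            . "$cand"
        else
            printf 'refusing to source untrusted %s\n' "$cand" >&2
        fi
    done
}
```

Run as root with `.zshrc` linked to a normal user's file, `load_fragments "$HOME"` now rejects every user-owned fragment, which is the whole point: root only sources what root (or the current uid) owns and nobody else can write. In zsh itself the file-level part of the same test can be expressed with glob qualifiers, `.zsh_*(N.U^I^W)` (nullglob, plain files, owned by the effective uid, neither group- nor world-writable); the directory check still has to be done separately.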