* Thoughts on protecting against PATH interception via user owned profiles
@ 2019-12-15  6:27 Andrew Parker
From: Andrew Parker @ 2019-12-15  6:27 UTC (permalink / raw)
  To: zsh-users


Hey guys,

I'm curious to hear the community's thoughts on the threat of PATH
interception in shells. Specifically, it's very easy for a malicious
process, running as a regular user, to interfere with your profiles and
there's no fool-proof way to protect against this. For example, a malicious
binary can easily change a profile to insert something into your PATH. Once
that's done a privilege escalation is extremely feasible due to the vast
number of tools that rely on your path and which don't specify full paths
to binaries they in turn shell out to.

My question is whether zsh (and other shells) would ever be interested in
implementing a solution to this. My suggestion would be something like the
following (although there may be better alternatives):

* zsh uses a config file in e.g. /etc directory which must be owned and
only writable by root
* The config can be used to enable "protected profiles"
* Once protected profiles are enabled, only profiles which are owned and
only writable by root can be sourced on startup

N.B. I'm only proposing this config to allow backwards compatibility for
users who don't want this or might face unexpected issues.

I've written some gory details here in this article:
http://modelephant.net/?p=95. Sorry for the self-promotion, that's actually
not my intent. However, I can't really write things down any clearer than I
have done there.

Thoughts welcome on this, in particular:

* Did I miss a trick with my analysis?
* Is zsh somehow already protected? (I've only really stared hard at bash)
* Is anyone else worried about this sort of threat?
* Does anyone care? :)
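
The check the proposal describes (a startup file is sourced only if it is owned by root and writable only by root), sketched as POSIX shell. This is an added example, not part of the original post and not zsh code: the function names are hypothetical, the optional UID argument exists only so the check can be exercised without root, and the parent-directory test goes beyond what the post lists.

```shell
#!/bin/sh
# Added illustration; all function names are hypothetical, not zsh internals.

# owner_and_mode PATH -> "<numeric uid> <mode string>", e.g. "0 -rw-r--r--"
owner_and_mode() {
    LC_ALL=C ls -ldn -- "$1" 2>/dev/null | awk 'NR == 1 { print $3, $1 }'
}

# only_owner_writable PATH [UID]: PATH is owned by UID (default 0, root) and
# has no group or other write bit. ACLs are not inspected.
only_owner_writable() {
    info=$(owner_and_mode "$1")
    [ -n "$info" ] || return 1
    [ "${info%% *}" = "${2:-0}" ] || return 1
    case ${info#* } in
        ?????w*|????????w*) return 1 ;;   # group-writable or other-writable
    esac
    return 0
}

# profile_is_protected FILE [UID]: the condition under which a "protected
# profiles" shell would agree to source FILE.
profile_is_protected() {
    [ -f "$1" ] || return 1
    [ ! -L "$1" ] || return 1             # symlinks rejected: target not checked
    only_owner_writable "$1" "$2" || return 1
    # Beyond the post: a writable directory lets the file be replaced.
    only_owner_writable "$(dirname -- "$1")" "$2"
}

# audit_profiles FILE...: report each existing file; status 1 if any fails.
audit_profiles() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        if profile_is_protected "$f"; then
            echo "protected    $f"
        else
            echo "UNPROTECTED  $f"; rc=1
        fi
    done
    return "$rc"
}

# Run as: sh check.sh /etc/zshenv /etc/zshrc "$HOME/.zshrc"
[ "$#" -eq 0 ] || audit_profiles "$@"
```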

