From: Daniel Shahaf <d.s@daniel.shahaf.name>
To: Zsh Users <zsh-users@zsh.org>
Cc: Andrew Parker <andrew.j.c.parker@gmail.com>
Subject: Re: Thoughts on protecting against PATH interception via user owned profiles
Date: Mon, 16 Dec 2019 04:10:46 +0000 [thread overview]
Message-ID: <20191216041046.u2hwnkfxdfqer7io@tarpaulin.shahaf.local2> (raw)
In-Reply-To: <CAN=4vMr6DCXWHL0Om4nZ6_y1AJA8vDpOKbu3qfCz-5MunSDO4w@mail.gmail.com>
Roman Perepelitsa wrote on Sun, Dec 15, 2019 at 09:41:14 +0100:
> On Sun, Dec 15, 2019 at 7:29 AM Andrew Parker
> <andrew.j.c.parker@gmail.com> wrote:
> > My question is whether zsh (and other shells) would ever be interested in
> > implementing a solution to this. My suggestion would be something like the
> > following (although there may be better alternatives):
> >
> > * zsh uses a config file in e.g. /etc directory which much be owned and
> > only writable by root
> > * The config can be used enable "protected profiles"
> > * Once protected profiles are enabled, only profiles which are owned and
> > only writable by root can be sourced on startup
>
> You can do this by creating /etc/zshenv (owned by root) with the
> following content (untested):
>
> [[ -o no_rcs ]] && return
>
> () {
> emulate -L zsh -o extended_glob
> local file files=(zshenv)
> [[ -o login ]] && files+=(zprofile zlogin zlogout)
> [[ -o interactive ]] && files+=(zshrc)
> for file in ${ZDOTDIR:-~}/.$^files; do
> [[ ! -f $file || -n $file(#qNu0g0^W) ]] && continue
> # Either not owned by root:root or world writable.
> echo -E - "skipping zsh user rcs because ${(q)file} is tainted" >&2
> setopt no_rcs
> return 1 # alternatively: exit 1
> done
> }
>
This piece of code should not be used in production; it is insecure.
> This checks whether any of the user rc files are tainted (either not
> owned by root:root or world-writable) and unsets rc option if so. This
> will prevent zsh from sourcing rc files from the user's home
> directory. You can take some other action there if you like, such as
> exiting the shell.
prev parent reply other threads:[~2019-12-16 4:11 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-15 6:27 Andrew Parker
2019-12-15 7:14 ` Daniel Shahaf
2019-12-15 7:57 ` Andrew Parker
2019-12-15 8:49 ` Daniel Shahaf
2019-12-15 17:42 ` Lewis Butler
2019-12-15 18:57 ` Grant Taylor
2019-12-15 19:47 ` Bart Schaefer
2019-12-17 13:34 ` Andrew Parker
2019-12-15 8:41 ` Roman Perepelitsa
2019-12-15 8:49 ` Andrew Parker
2019-12-15 14:31 ` Andrew Parker
2019-12-15 14:43 ` Roman Perepelitsa
2019-12-17 13:35 ` Andrew Parker
2019-12-16 4:10 ` Daniel Shahaf [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191216041046.u2hwnkfxdfqer7io@tarpaulin.shahaf.local2 \
--to=d.s@daniel.shahaf.name \
--cc=andrew.j.c.parker@gmail.com \
--cc=zsh-users@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).