From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-users-return-24545-ml=inbox.vuxu.org@zsh.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2
Received: from primenet.com.au (ns1.primenet.com.au [203.24.36.2])
	by inbox.vuxu.org (OpenSMTPD) with ESMTP id 09c86f86
	for <ml@inbox.vuxu.org>;
	Sun, 15 Dec 2019 21:08:49 +0000 (UTC)
Received: (qmail 3889 invoked by alias); 15 Dec 2019 17:43:19 -0000
Mailing-List: contact zsh-users-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Users List <zsh-users.zsh.org>
List-Post: <mailto:zsh-users@zsh.org>
List-Help: <mailto:zsh-users-help@zsh.org>
List-Unsubscribe: <mailto:zsh-users-unsubscribe@zsh.org>
X-Seq: 24545
Received: (qmail 3839 invoked by uid 1010); 15 Dec 2019 17:43:18 -0000
X-Qmail-Scanner-Diagnostics: from mail.covisp.net by f.primenet.com.au (envelope-from <lbutler@covisp.net>, uid 7791) with qmail-scanner-2.11 
 (clamdscan: 0.102.1/25663. spamassassin: 3.4.2.  
 Clear:RC:0(65.121.55.42):SA:0(-2.6/5.0):. 
 Processed in 1.403167 secs); 15 Dec 2019 17:43:18 -0000
X-Envelope-From: lbutler@covisp.net
X-Qmail-Scanner-Mime-Attachments: |
X-Qmail-Scanner-Zip-Files: |
Received-SPF: pass (ns1.primenet.com.au: SPF record at covisp.net designates 65.121.55.42 as permitted sender)
From: Lewis Butler <lbutler@covisp.net>
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: Thoughts on protecting against PATH interception via user owned
 profiles
Date: Sun, 15 Dec 2019 10:42:41 -0700
References: <CAG78ipVksGrRjOdV0H=qofrtSNHfeh_OHg2GD9AjjnbF42JoMw@mail.gmail.com>
 <20191215071417.ivb76lzapj43ag3z@tarpaulin.shahaf.local2>
 <CAG78ipVVDWvyhNGvxtXxm1J0wXKyXA80iwHv84NLxsk02NeruA@mail.gmail.com>
To: Zsh Users <zsh-users@zsh.org>
In-Reply-To: <CAG78ipVVDWvyhNGvxtXxm1J0wXKyXA80iwHv84NLxsk02NeruA@mail.gmail.com>
Message-Id: <434273C6-2355-4517-AA92-38E44611DEB7@covisp.net>
X-Mailer: Apple Mail (2.3608.40.2.2.4)
X-Qmail-Scanner-2.11: added fake MIME-Version header
MIME-Version: 1.0

On 15 Dec 2019, at 00:57, Andrew Parker <andrew.j.c.parker@gmail.com> =
wrote:
> Consider Homebrew. The installation script calls sudo. The root shell
> inherits my user's env. Brew them executes numerous commands that can =
be
> intercepted. My system is now forever compromised.

You should le the folks at Brew know about this.

On my system brew does NOT invoked sudo unless I have to install =
something like bind, and when it does it does not inherit my =
environment.



--=20
"Are you pondering what I'm pondering?"
"I think so, Brain, but what kind of rides do they have in
	Fabioland?=E2=80=9D