zsh-users
From: Andrew Parker <andrew.j.c.parker@gmail.com>
To: zsh-users@zsh.org
Subject: Thoughts on protecting against PATH interception via user owned profiles
Date: Sun, 15 Dec 2019 14:27:45 +0800
Message-ID: <CAG78ipVksGrRjOdV0H=qofrtSNHfeh_OHg2GD9AjjnbF42JoMw@mail.gmail.com>

Hey guys,

I'm curious to hear the community's thoughts on the threat of PATH
interception in shells. Specifically, it's very easy for a malicious
process, running as a regular user, to interfere with your profiles and
there's no fool-proof way to protect against this. For example, a malicious
binary can easily change a profile to insert something into your PATH. Once
that's done a privilege escalation is extremely feasible due to the vast
number of tools that rely on your path and which don't specify full paths
to binaries they in turn shell out to.

My question is whether zsh (and other shells) would ever be interested in
implementing a solution to this. My suggestion would be something like the
following (although there may be better alternatives):

* zsh uses a config file in e.g. /etc directory which must be owned and
only writable by root
* The config can be used to enable "protected profiles"
* Once protected profiles are enabled, only profiles which are owned and
only writable by root can be sourced on startup

N.B. I'm only proposing this config to allow backwards compatibility for
users who don't want this or might face unexpected issues.

I've written some gory details here in this article:
http://modelephant.net/?p=95. Sorry for the self-promotion, that's actually
not my intent. However, I can't really write things down any clearer than I
have done there.

Thoughts welcome on this, in particular

* Did I miss a trick with my analysis?
* Is zsh somehow already protected? (I've only really stared hard at bash)
* Is anyone else worried about this sort of threat?
* Does anyone care? :)

Andrew
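
As an added illustration (not part of the original message and not a zsh feature), the rule proposed above, "owned and only writable by root", can be written as a POSIX shell check and run over zsh's usual startup files. The function names are hypothetical; the extra check on the containing directory is an assumption that goes beyond the proposal, symlinks are rejected, and ACLs are not examined.

```shell
#!/bin/sh
# Added example: the "owned and only writable by root" rule as a POSIX sh check.
# Function names are hypothetical; this is not a zsh feature.

# trusted_only PATH UID: PATH exists, is not a symlink, is owned by UID,
# and has no group or other write bit. ACLs are not examined.
trusted_only() {
    [ -e "$1" ] && [ ! -L "$1" ] || return 1
    info=$(ls -ldn -- "$1") || return 1
    # ls -ldn prints e.g. "-rw-r--r-- 1 0 0 ..." (mode, links, numeric owner)
    read -r mode _links owner _rest <<EOF
$info
EOF
    [ "$owner" = "$2" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;   # group-writable or other-writable
    esac
    return 0
}

# may_source FILE [UID]: FILE is a regular file that passes the rule, and so
# does its directory (assumption beyond the proposal: whoever can write the
# directory can replace the file). UID defaults to 0, i.e. root.
may_source() {
    file=$1 uid=${2:-0}
    [ -f "$file" ] || return 1
    trusted_only "$file" "$uid" && trusted_only "$(dirname -- "$file")" "$uid"
}

# Report which of zsh's usual startup files would still be sourced under the
# rule. System-wide paths vary by distribution; these are common defaults.
report_startup_files() {
    zd=${ZDOTDIR:-${HOME:-/}}
    for p in /etc/zshenv "$zd/.zshenv" /etc/zprofile "$zd/.zprofile" \
             /etc/zshrc "$zd/.zshrc" /etc/zlogin "$zd/.zlogin"; do
        [ -e "$p" ] || continue
        if may_source "$p"; then
            echo "source  $p"
        else
            echo "skip    $p"
        fi
    done
}

report_startup_files
```

Under this rule every per-user file in a user-owned home directory is reported as `skip`, which is the backwards-compatibility cost the proposal's opt-in config is meant to cover.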
