Hey guys, I'm curious to hear the community's thoughts on the threat of PATH interception in shells. Specifically, it's very easy for a malicious process, running as a regular user, to interfere with your profiles and there's no fool-proof way to protect against this. For example, a malicious binary can easily change a profile to insert something into your PATH. Once that's done a privilege escalation is extremely feasible due to the vast number of tools that rely on your path and which don't specify full paths to binaries they in turn shell out to.

My question is whether zsh (and other shells) would ever be interested in implementing a solution to this. My suggestion would be something like the following (although there may be better alternatives):

* zsh uses a config file in e.g. /etc directory which must be owned and only writable by root
* The config can be used to enable "protected profiles"
* Once protected profiles are enabled, only profiles which are owned and only writable by root can be sourced on startup

N.B. I'm only proposing this config to allow backwards compatibility for users who don't want this or might face unexpected issues.

I've written some gory details here in this article: http://modelephant.net/?p=95. Sorry for the self-promotion, that's actually not my intent. However, I can't really write things down any clearer than I have done there.

Thoughts welcome on this, in particular:

* Did I miss a trick with my analysis?
* Is zsh somehow already protected? (I've only really stared hard at bash)
* Is anyone else worried about this sort of threat?
* Does anyone care? :)

Andrew
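As an added example (not code from the original post, and not part of zsh), here is a POSIX sh sketch of the "protected profiles" check described above: a profile is sourced only if it is owned by root and writable by nobody but its owner. The ownership and mode are read from `ls -ld` so it runs on both GNU and BSD userlands; the config path `/etc/zsh/protected-profiles` is an assumed placeholder, not a real zsh file.

```shell
#!/bin/sh
# Added example: a user-space approximation of the proposed "protected
# profiles" rule. Nothing here is zsh's own code.

# profile_is_protected MODE OWNER
#   MODE  - ls-style permission string, e.g. "-rw-r--r--"
#   OWNER - owner name as printed by ls
# Returns 0 when the file is a regular (non-symlink) entry owned by root
# that is neither group- nor world-writable; 1 otherwise.
profile_is_protected() {
    mode=$1
    owner=$2
    [ "$owner" = root ] || return 1
    case "$mode" in
        l*)          return 1 ;;   # symlinks can be repointed by their owner
        ?????w*)     return 1 ;;   # 6th char: group write bit set
        ????????w*)  return 1 ;;   # 9th char: world write bit set
    esac
    return 0
}

# file_is_protected FILE
# Reads mode and owner of FILE via `ls -ld` (fields 1 and 3) and applies
# profile_is_protected. Missing files are treated as unprotected.
file_is_protected() {
    f=$1
    [ -e "$f" ] || return 1
    # shellcheck disable=SC2046  # word splitting of ls output is intended
    set -- $(ls -ld "$f")
    profile_is_protected "$1" "$3"
}

# protected_profiles_enabled
# The feature is "on" only if the (assumed, hypothetical) config file exists
# and itself passes the same check, so an unprivileged user cannot toggle it.
PROTECTED_PROFILES_CONF=${PROTECTED_PROFILES_CONF:-/etc/zsh/protected-profiles}
protected_profiles_enabled() {
    file_is_protected "$PROTECTED_PROFILES_CONF"
}

# source_if_protected FILE
# Sources FILE into the current shell only when it passes the check;
# otherwise warns on stderr, skips it and returns 1.
source_if_protected() {
    if file_is_protected "$1"; then
        . "$1"
    else
        printf 'skipping unprotected profile: %s\n' "$1" >&2
        return 1
    fi
}

# Stand-alone report over the usual startup files (read-only, sources nothing).
for f in /etc/profile /etc/zshenv /etc/zsh/zshrc "$HOME/.profile" "$HOME/.zshrc"; do
    if file_is_protected "$f"; then
        printf 'protected:   %s\n' "$f"
    else
        printf 'unprotected: %s\n' "$f"
    fi
done
```

Note that the check is necessarily conservative: a user-owned `~/.zshrc` is always rejected, which is exactly the backwards-compatibility concern the post raises, hence gating the behaviour behind a root-owned config file.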