Re: [PATCH] Remove absolute paths from gpg.rc
Derek Martin wrote:
> On Fri, Mar 16, 2007 at 12:40:27AM +0000, Paul Walker wrote:
>>> setting, and I also don't think that any person interested in security
>>> should run with garbage in $PATH. I would also guess that it's just as
>> That's fine, and I would agree, but the person you're dealing with should be
>> assumed to be a normal user, not "any person interested in security".
>
> I agree.
>
>>> easy to modify a person's .muttrc as to put a trojan gpg somewhere in
>>> their PATH.
>> If you can modify someone's personal files, the game's already over.
>
[--snip--]
>
> If the attacker is merely able to upload an arbitrary file, this is by
> far the best route to go. He'll have to make guesses about the best
> place to put his trojans, but as I just pointed out, that isn't
> necessarily hard. By contrast, if he's only able to upload files, but
> not able to examine the existing contents of files, then replacing
> someone's muttrc will almost certainly be noticed, by virtue of Mutt's
> almost mandatory customization. It's nearly certain that something
> about the config will be changed, and very likely something the user
> will notice with very little effort.
Uhm, am I missing something, or is "uploading", say, ~/.muttrc with
contents

    mailboxes `rm -rf /ha/ha/you/die`

not game over?

Point being: If your configuration file format allows execution of
arbitrary commands you are exactly as screwed by "can create/overwrite
arbitrary files" exploits as "can execute arbitrary content" exploits.

Cheers,
--
Bardur Arantsson
<bardurREMOVE@xxxxxxxxxxxxxxxxxxx>
I haven't slept for ten days... because that would be too long.
Mitch Hedberg
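
Added example, not part of the original message and not Mutt's own code: a small Python audit that lists the points in a muttrc where merely loading the file runs a command, which is why a writable config file is equivalent to code execution. It goes beyond the backtick case in the message to also flag "source" lines ending in a pipe and pgp_*_command values resolved through $PATH (the gpg.rc case this thread is about); the sample config, function names and finding labels are constructed for illustration.

```python
import re
import shlex

# Constructed sample muttrc for illustration, not taken from a real system.
SAMPLE = """\
# comment with `backticks` is ignored
mailboxes `ls ~/Mail`
set signature='literal `not run` text'
source "~/bin/gen-config|"
set pgp_sign_command="gpg --clearsign %f"
set pgp_verify_command="/usr/bin/gpg --verify %s %f"
"""

SOURCE_PIPE = re.compile(r"""^\s*source\s+["']?([^"']*?)\|\s*["']?\s*$""")
PGP_CMD = re.compile(r"^\s*set\s+(pgp_\w+_command)\s*=\s*(.+)$")

def live_backticks(line):
    """Backtick commands that run: unquoted or in double quotes (assumed Mutt rule)."""
    found, quote, i = [], None, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and quote != "'":
            i += 2                      # skip the escaped character
            continue
        if ch in "'\"":
            quote = ch if quote is None else (None if quote == ch else quote)
        elif ch == "`" and quote != "'":
            end = line.find("`", i + 1)
            if end == -1:
                break
            found.append(line[i + 1:end])
            i = end
        elif ch == "#" and quote is None:
            break                       # rest of the line is a comment
        i += 1
    return found

def audit(text):
    """Return (line number, kind, detail) for each command-execution point."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        findings += [(no, "backtick-exec", c) for c in live_backticks(line)]
        if m := SOURCE_PIPE.match(line):
            findings.append((no, "source-pipe", m.group(1)))
        if (m := PGP_CMD.match(line)) and (words := shlex.split(m.group(2))):
            prog = words[0].split()[0] if words[0].strip() else ""
            if prog and not prog.startswith("/"):
                findings.append((no, "path-lookup", f"{m.group(1)} -> {prog}"))
    return findings
```

Calling audit(SAMPLE) reports the mailboxes backtick, the piped source and the PATH-resolved gpg, and skips the single-quoted and commented backticks and the absolute /usr/bin/gpg path.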