Re: [PATCH] Remove absolute paths from gpg.rc
On Thu, Mar 22, 2007 at 08:45:20PM -0400, Derek Martin wrote:
> In many places, computers are shared resources, and often groups are
> collaborating. It may be that as a matter of policy, the programs
> being developed by the group must go into a directory writable by the
> group. A malicious user -- perhaps someone intent upon stealing a
> coworker's research -- could insert a trojaned copy of gpg which works
> correctly for everyone except the target user, into the shared
> directory.
>
that example doesn't make too much sense. as an attacker, i'd trojanize
mutt itself (too). and you can't really expect users to use
/usr/bin/mutt to start it. if you really want to, you can make PATH
empty in the first place. but then, why would you add the shared bin
directory to PATH? and anyway, if you are in a situation where you have
to execute code written by users you cannot trust, you already have lost
anyway.
the point is still the same: apply security where it provably makes
sense. that means to distrust PATH only in setuid programs.
--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.