If an attacker can put a binary in /usr/local/bin, they already have root and we are doomed anyways. If you are still worried about it, reorder PATH so that /usr/local/whatever comes last instead of first.
On Tue, May 14, 2013 at 10:38 AM, Vasiliy Khomenko < vkhome...@griddynamics.com> wrote: > Attacker can put binary in /usr/local/bin for example. on ubuntu that path > located before /usr/bin. > We could create some templates with absolute paths to binaries for each > distro (deb-based, rhel-based) and auto-detect them. > > > > On Tue, May 14, 2013 at 3:36 PM, Victor Lowther > <victor.lowt...@gmail.com>wrote: > >> Err, sounds like a lot of work to make the code more fragile. If you >> want to be paranoid about launching the right command, do it by >> sanity-checking $PATH, not by hardcoding the path of all the executables >> you call. >> >> >> On Tue, May 14, 2013 at 5:56 AM, Stanislav Pugachev < >> spugac...@griddynamics.com> wrote: >> >>> Hi, >>> I've added a blueprint >>> https://blueprints.launchpad.net/hacking/+spec/absolute-paths-of-os-binaries >>> Please, take a look and let's discuss it if it makes sense. >>> Thank you >>> Stas. >>> >>> >>> >>> _______________________________________________ >>> Mailing list: https://launchpad.net/~openstack >>> Post to : openstack@lists.launchpad.net >>> Unsubscribe : https://launchpad.net/~openstack >>> More help : https://help.launchpad.net/ListHelp >>> >>> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
