Hello Patrik, thanks for your concern for Ubuntu's security.

As you said, there are numerous possibilities for trouble when an account is compromised in this fashion. Placing malicious versions of utilities into ~/bin is another common choice. (Usually shell aliases, functions, and ~/bin/ replacements of common utilities are in the realm of "students playing practical jokes on each other when they first use Unix systems".)

Consider a slight modification of your function, to call it 'ls' or 'mv' or 'cat'. Would it be any less dangerous? If the user used sudo in that terminal recently, it's bad news. If the user didn't authenticate to sudo recently, they will be prompted for a password, they may wonder why, and start to investigate. How? With 'vi'? With 'cat'? With 'alias'? Each of those could also do other malicious things.

A more enterprising attacker with the ability to modify user files could install a keylogger, or cause shell sessions to start with script(1) or similar utilities, or use ptrace-based debugging techniques to read secrets from user processes, etc. These would be more reliable and harder to spot.

On Ubuntu, it is a convention that the first user account on the computer gets sudo access; while this is very convenient, it's also a risk. It is also common in higher-security environments for one person to have multiple accounts: one used for administrative actions and one used for their personal work on the computer.

It is also important to recall that root access is not necessarily the most important goal of an attacker. Computers work with a wide variety of data from a wide variety of sources, and threats like cryptolockers or data exfiltration often don't need root privileges to be catastrophically bad for a user or an organization.

There's no simple solution to address what you've found. It used to be common for system administrators to run periodic checks of all user files to make sure permissions made sense, there was nothing malicious in them, etc. (This was my introduction to Unix security in the 90s; an ircii plugin I had downloaded added '+ +' to my ~/.rhosts file. It was spotted by the sysadmin a few hours later thanks to an automated tool.)

In addition to checking for too-wide write permissions, also be sure to protect your account with good, high-quality passwords, and disable password authentication where you can, so you can rely upon ssh authorized_keys instead. Lock your screen before suspending your laptop or walking away from your desktop. Be careful with what USB and Firewire devices you plug into your computer. And so on.

We can't realistically try to handle "someone has write access to my home directory" as a threat model. If someone has write access to your home directory they can do a great deal of damage.

Thanks

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1893241

Title:
  attack alias sudo with nasty payload
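
A sketch of the kind of periodic home-directory check the message describes, as an added example that is not part of the original message or any Ubuntu tool. It flags too-wide write permissions, startup files that redefine sudo, ~/bin entries shadowing system utilities, and the '+ +' entry in ~/.rhosts; the `STARTUP` and `NAMES` lists and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): audit one home directory.
# STARTUP and NAMES are assumed, non-exhaustive lists; extend them as needed.
STARTUP=".bashrc .bash_profile .bash_login .profile .bash_aliases .bash_logout"
NAMES='sudo|su'   # command names a startup file has no reason to redefine

# writable_by_others PATH: true if group or other has write permission.
writable_by_others() {
    case "$(ls -ld -- "$1" | cut -c1-10)" in
        l*) return 1 ;;                     # symlink modes carry no meaning
        ?????w*|????????w*) return 0 ;;     # g+w (6th char) or o+w (9th char)
    esac
    return 1
}

# audit_home DIR: print one finding per line; status 1 if anything was found.
# The body runs in a subshell so its variables stay local.
audit_home() (
    home=$1 found=0
    # 1. Too-wide write permissions on the directory and sensitive files.
    for rel in . $STARTUP bin .rhosts .ssh/authorized_keys; do
        [ -e "$home/$rel" ] || continue
        if writable_by_others "$home/$rel"; then echo "WRITABLE $rel"; found=1; fi
    done
    # 2. Line-based heuristic: an alias or function that redefines sudo/su.
    re="^[[:space:]]*(alias[[:space:]]+($NAMES)=|function[[:space:]]+($NAMES)([[:space:]]|\\(|\$)|($NAMES)[[:space:]]*\\(\\))"
    for rel in $STARTUP; do
        [ -f "$home/$rel" ] || continue
        if grep -Eq "$re" "$home/$rel"; then echo "REDEFINES $rel"; found=1; fi
    done
    # 3. Executables in ~/bin that shadow a system utility of the same name.
    for f in "$home"/bin/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        name=${f##*/}
        if [ -e "/bin/$name" ] || [ -e "/usr/bin/$name" ]; then
            echo "SHADOWS $name"; found=1
        fi
    done
    # 4. The '+ +' wildcard entry in ~/.rhosts.
    if [ -f "$home/.rhosts" ] && grep -Eq '^\+[[:space:]]+\+' "$home/.rhosts"; then
        echo "RHOSTS_WILDCARD"; found=1
    fi
    [ "$found" -eq 0 ]
)
# Usage after sourcing this file: audit_home "$HOME"
```

A clean result only means these particular checks found nothing; as the message notes, someone with write access to the home directory has many other options.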