[arch-projects] [dbscripts] [RFC] Perform all database and copy operations using a dedicated user
Thomas Bächler
thomas at archlinux.org
Sun Nov 3 10:47:53 EST 2013
On 03.11.2013 14:47, Dave Reisner wrote:
>> +switch_user() {rror
>> + local user
>> +
>> + user=$(whoami)
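Review bot: `user=$(whoami)` at the top of switch_user() resolves whoami through $PATH, so the name it yields is whatever the caller's environment puts first on the path; if the value is only used to decide whether a switch is needed, `user=$USER` (or `/usr/bin/id -un` when an actual lookup is wanted) removes the PATH dependency and the extra fork.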
>
> I'm not sure what sort of security this is meant to introduce, but it's
> easy to forge a binary called 'whoami' which returns whatever you want
> and put it higher in your PATH. It's equally easy to override the USER
> environment var, and even readonly variables like UID.
>
> Suggestions:
>
> 1) Explicitly call /usr/bin/whoami or /usr/bin/id
> 2) Maybe there's a way to use sudo directly for authentication as well?
> Thinking about something with 'sudo -l $binary'.
Actually, now that you mention it, $USER should be sufficient. This
check only ensures that we switch users whenever we should. If someone
works around it, it will only lead to errors since permissions are
insufficient.
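The forgery Dave describes, as an added example that is not part of this thread or of dbscripts: a throwaway 'whoami' placed first in $PATH changes what $(whoami) reports, while an absolute-path /usr/bin/id -un is unaffected. The account name "dbscripts" and the function names here are assumptions for the demonstration only.

```shell
#!/bin/sh
# Added example for this thread (not dbscripts code): resolve the current
# user without trusting $PATH, and show that a 'whoami' shim placed earlier
# in $PATH changes $(whoami) but not /usr/bin/id -un.
# The account name "dbscripts" is an assumption for the demo only.

# Resolve the effective user name through an absolute path, so no
# caller-controlled $PATH entry is consulted.
current_user() {
    /usr/bin/id -un
}

# Exit 0 when a switch to the dedicated account ($1) is still needed,
# 1 when we already run as that account.
needs_switch() {
    [ "$(current_user)" != "$1" ]
}

# Build a throwaway 'whoami' that claims to be $1, put it first in PATH, and
# print two words: what $(whoami) reports, then what /usr/bin/id -un reports.
demo_forged_whoami() {
    claimed=$1
    tmp=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho %s\n' "$claimed" > "$tmp/whoami"
    chmod +x "$tmp/whoami"
    forged=$(PATH="$tmp:$PATH"; export PATH; whoami)          # PATH lookup: lies
    real=$(PATH="$tmp:$PATH"; export PATH; /usr/bin/id -un)   # absolute path: unaffected
    rm -rf "$tmp"
    printf '%s %s\n' "$forged" "$real"
}

# Usage: demo_forged_whoami dbscripts
```

As Thomas notes, none of this makes the check a security boundary: a caller who defeats it only reaches the database or copy step as the wrong user and fails on permissions. The absolute path simply keeps the decision deterministic regardless of $PATH.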