[Freeipa-devel] [freeipa PR#204][comment] ipautil.run: Remove hardcoded environ PATH value

rcritten freeipa-github-notification at redhat.com
Tue Nov 1 19:24:11 UTC 2016


  URL: https://github.com/freeipa/freeipa/pull/204
Title: #204: ipautil.run: Remove hardcoded environ PATH value

rcritten commented:
"""
This isn't about replacing existing binaries, it's about putting binaries into unexpected places that are in the default PATH (e.g. ~/bin or /usr/local/bin).

PATH cannot be overridden by an attacker without making code changes, in which case it's already game over (or it shouldn't; I didn't look for every execution of ipautil.run() where env is passed in).

I don't disagree on being platform dependent.

As for documentation, it just got missed. It's not an excuse, just the reality.

It is generally accepted best-practice to not trust user input, including environment variables. See https://www.securecoding.cert.org/confluence/display/c/ENV03-C.+Sanitize+the+environment+when+invoking+external+programs

This isn't followed completely, but at least the environment by default is wiped and PATH is controlled for the most part.

Originally the commands were called explicitly, e.g. /usr/kerberos/sbin/kadmin.local, but because of the Fedora 14 issue we had to rely on PATH (see d0ea0bb63891babd1c5778df2e291b527c8e927c).
"""

See the full comment at https://github.com/freeipa/freeipa/pull/204#issuecomment-257667140
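The discussion above turns on two controls: the child's environment is wiped rather than inherited, and PATH is fixed so that a binary planted in a directory such as ~/bin cannot shadow the real one. The following is an added example written for this page, not FreeIPA's ipautil.run() or any other project code; the fixed search path in SAFE_PATH and the helper names (sanitized_env, resolve, run, demo_shadowing) are assumptions chosen for illustration, and the shim it plants is constructed in a temporary directory purely to show the shadowing case.

```python
import os
import shutil
import subprocess
import tempfile

# Assumed fixed search path for this example (not FreeIPA's value): only
# system directories, so nothing user-writable is ever searched.
SAFE_PATH = "/usr/sbin:/usr/bin:/sbin:/bin"


def sanitized_env(extra=None):
    """Build a minimal child environment (CERT ENV03-C style).

    Nothing from the caller's environment is inherited. Only the keys in
    `extra` are passed through, and PATH is always the fixed SAFE_PATH,
    even if `extra` tries to set one (design choice for this example).
    """
    env = dict(extra or {})
    env["PATH"] = SAFE_PATH
    return env


def resolve(cmd, search_path):
    """Resolve `cmd` to an executable using only `search_path`, or None."""
    return shutil.which(cmd, path=search_path)


def run(argv, env=None, timeout=30):
    """Run argv with a sanitized environment; return (rc, stdout, stderr).

    The executable is resolved against the fixed PATH before exec, so the
    caller's PATH (and anything an attacker put on it) is never consulted.
    """
    child_env = sanitized_env(env)
    exe = resolve(argv[0], child_env["PATH"])
    if exe is None:
        raise FileNotFoundError(
            f"{argv[0]!r} not found on fixed PATH {child_env['PATH']}")
    proc = subprocess.run([exe] + list(argv[1:]), env=child_env,
                          capture_output=True, text=True, timeout=timeout)
    return proc.returncode, proc.stdout, proc.stderr


def demo_shadowing():
    """Show the attack the fixed PATH defends against.

    A fake 'hostname' is written to a user-writable temp dir (constructed
    for this example) and that dir is prepended to a copy of the caller's
    PATH. Returns (shim_found_via_inherited_path, shim_ignored_via_fixed_path).
    """
    with tempfile.TemporaryDirectory() as d:
        shim = os.path.join(d, "hostname")
        with open(shim, "w") as f:
            f.write("#!/bin/sh\necho pwned\n")
        os.chmod(shim, 0o755)
        inherited = d + os.pathsep + os.environ.get("PATH", "")
        via_inherited = resolve("hostname", inherited)
        via_fixed = resolve("hostname", SAFE_PATH)
        return via_inherited == shim, via_fixed != shim


if __name__ == "__main__":
    print("shadowing (inherited finds shim, fixed ignores it):", demo_shadowing())
    print("child PATH:", run(["sh", "-c", "echo $PATH"])[1].strip())
    print("child HOME:", run(["sh", "-c", "echo ${HOME:-unset}"])[1].strip())
```

The check worth keeping in mind from the comment is the last one: a wrapper like this only helps if every call site goes through it, so any path that lets a caller pass its own env (or PATH) through to the child reopens the hole.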

