Re: Which checks should we mandate for source operations in shell scripts

To: debian-devel@lists.debian.org
Subject: Re: Which checks should we mandate for source operations in shell scripts
From: Ansgar Burchardt <ansgar@debian.org>
Date: Thu, 21 Jun 2018 00:17:55 +0200
Message-id: <[🔎] 87o9g5cdbg.fsf@43-1.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] E1fVj6f-00053J-RL@drop.zugschlus.de> (Marc Haber's message of "Wed, 20 Jun 2018 21:49:29 +0200")
References: <[🔎] E1fVj6f-00053J-RL@drop.zugschlus.de>

Marc Haber writes:
> back in the sysvinit days, we used to have the following construct as
> a common idiom in init scripts:
>
> |if [ -f /etc/default/foo ]; then
> |  . /etc/default/foo
> |fi
>
> This is an immediate privilege escalation vulnerability in the case
> that /etc/default/foo or /etc/default itself is/are writeable for
> non-root users.

That seems to be the same class of issue as init scripts, systemd units
(in /etc/systemd/system) or /bin/bash writable by non-root.  I don't
think Debian should try to "fix" this.

(Now, let me mention my favorite
  chown -R non-root /var/lib/service
in maintainer scripts...)

Ansgar

Reply to:

References:
- Which checks should we mandate for source operations in shell scripts
  - From: Marc Haber <mh+debian-devel@zugschlus.de>

Prev by Date: Re: Which checks should we mandate for source operations in shell scripts
Next by Date: Re: Etiquette about test regression, bug severities, etc.
Previous by thread: Re: Which checks should we mandate for source operations in shell scripts
Next by thread: Re: Which checks should we mandate for source operations in shell scripts
Index(es):
- Date
- Thread