Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: Thoughts on protecting against PATH interception via user owned profiles
- X-seq: zsh-users 24534
- From: Roman Perepelitsa <roman.perepelitsa@xxxxxxxxx>
- To: Andrew Parker <andrew.j.c.parker@xxxxxxxxx>
- Subject: Re: Thoughts on protecting against PATH interception via user owned profiles
- Date: Sun, 15 Dec 2019 09:41:14 +0100
- Cc: Zsh Users <zsh-users@xxxxxxx>
- In-reply-to: <CAG78ipVksGrRjOdV0H=qofrtSNHfeh_OHg2GD9AjjnbF42JoMw@mail.gmail.com>
- List-help: <mailto:zsh-users-help@zsh.org>
- List-id: Zsh Users List <zsh-users.zsh.org>
- List-post: <mailto:zsh-users@zsh.org>
- List-unsubscribe: <mailto:zsh-users-unsubscribe@zsh.org>
- Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
- References: <CAG78ipVksGrRjOdV0H=qofrtSNHfeh_OHg2GD9AjjnbF42JoMw@mail.gmail.com>
On Sun, Dec 15, 2019 at 7:29 AM Andrew Parker
<andrew.j.c.parker@xxxxxxxxx> wrote:
> My question is whether zsh (and other shells) would ever be interested in
> implementing a solution to this. My suggestion would be something like the
> following (although there may be better alternatives):
>
> * zsh uses a config file in e.g. /etc directory which much be owned and
> only writable by root
> * The config can be used enable "protected profiles"
> * Once protected profiles are enabled, only profiles which are owned and
> only writable by root can be sourced on startup
You can do this by creating /etc/zshenv (owned by root) with the
following content (untested):
[[ -o no_rcs ]] && return
() {
emulate -L zsh -o extended_glob
local file files=(zshenv)
[[ -o login ]] && files+=(zprofile zlogin zlogout)
[[ -o interactive ]] && files+=(zshrc)
for file in ${ZDOTDIR:-~}/.$^files; do
[[ ! -f $file || -n $file(#qNu0g0^W) ]] && continue
# Either not owned by root:root or world writable.
echo -E - "skipping zsh user rcs because ${(q)file} is tainted" >&2
setopt no_rcs
return 1 # alternatively: exit 1
done
}
This checks whether any of the user rc files are tainted (either not
owned by root:root or world-writable) and unsets rc option if so. This
will prevent zsh from sourcing rc files from the user's home
directory. You can take some other action there if you like, such as
exiting the shell.
Roman.
Messages sorted by:
Reverse Date,
Date,
Thread,
Author