Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Thoughts on protecting against PATH interception via user owned profiles



On Sun, Dec 15, 2019 at 7:29 AM Andrew Parker
<andrew.j.c.parker@xxxxxxxxx> wrote:
> My question is whether zsh (and other shells) would ever be interested in
> implementing a solution to this. My suggestion would be something like the
> following (although there may be better alternatives):
>
> * zsh uses a config file in e.g. /etc directory which much be owned and
> only writable by root
> * The config can be used enable "protected profiles"
> * Once protected profiles are enabled, only profiles which are owned and
> only writable by root can be sourced on startup

You can do this by creating /etc/zshenv (owned by root) with the
following content (untested):

  [[ -o no_rcs ]] && return

  () {
    emulate -L zsh -o extended_glob
    local file files=(zshenv)
    [[ -o login       ]] && files+=(zprofile zlogin zlogout)
    [[ -o interactive ]] && files+=(zshrc)
    for file in ${ZDOTDIR:-~}/.$^files; do
      [[ ! -f $file || -n $file(#qNu0g0^W) ]] && continue
      # Either not owned by root:root or world writable.
      echo -E - "skipping zsh user rcs because ${(q)file} is tainted" >&2
      setopt no_rcs
      return 1  # alternatively: exit 1
    done
  }

This checks whether any of the user rc files are tainted (either not
owned by root:root or world-writable) and unsets rc option if so. This
will prevent zsh from sourcing rc files from the user's home
directory. You can take some other action there if you like, such as
exiting the shell.

Roman.



Messages sorted by: Reverse Date, Date, Thread, Author