Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Thoughts on protecting against PATH interception via user owned profiles

X-seq: zsh-users 24545
From: Lewis Butler <lbutler@xxxxxxxxxx>
To: Zsh Users <zsh-users@xxxxxxx>
Subject: Re: Thoughts on protecting against PATH interception via user owned profiles
Date: Sun, 15 Dec 2019 10:42:41 -0700
In-reply-to: <CAG78ipVVDWvyhNGvxtXxm1J0wXKyXA80iwHv84NLxsk02NeruA@mail.gmail.com>
List-help: <mailto:zsh-users-help@zsh.org>
List-id: Zsh Users List <zsh-users.zsh.org>
List-post: <mailto:zsh-users@zsh.org>
List-unsubscribe: <mailto:zsh-users-unsubscribe@zsh.org>
Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
References: <CAG78ipVksGrRjOdV0H=qofrtSNHfeh_OHg2GD9AjjnbF42JoMw@mail.gmail.com> <20191215071417.ivb76lzapj43ag3z@tarpaulin.shahaf.local2> <CAG78ipVVDWvyhNGvxtXxm1J0wXKyXA80iwHv84NLxsk02NeruA@mail.gmail.com>

On 15 Dec 2019, at 00:57, Andrew Parker <andrew.j.c.parker@xxxxxxxxx> wrote:
> Consider Homebrew. The installation script calls sudo. The root shell
> inherits my user's env. Brew them executes numerous commands that can be
> intercepted. My system is now forever compromised.

You should le the folks at Brew know about this.

On my system brew does NOT invoked sudo unless I have to install something like bind, and when it does it does not inherit my environment.

-- 
"Are you pondering what I'm pondering?"
"I think so, Brain, but what kind of rides do they have in
	Fabioland?”

References:
- Thoughts on protecting against PATH interception via user owned profiles
  - From: Andrew Parker
- Re: Thoughts on protecting against PATH interception via user owned profiles
  - From: Daniel Shahaf
- Re: Thoughts on protecting against PATH interception via user owned profiles
  - From: Andrew Parker

Messages sorted by: Reverse Date, Date, Thread, Author