URL: https://github.com/freeipa/freeipa/pull/204
Title: #204: ipautil.run: Remove hardcoded environ PATH value

rcritten commented:
This isn't about replacing existing binaries, it's about putting binaries into 
unexpected places that are in the default PATH (e.g. ~/bin or /usr/local/bin).

PATH cannot be overridden by an attacker without making code changes, in which 
case it's already game over (or it shouldn't, I didn't look for every execution 
of ipautil.run() where env is passed in.

I don't disagree on being platform dependent.

As for documentation, it just got missed. It's not an excuse, just the reality.

It is generally accepted best-practice to not trust user input, including 
environment variables. See 

This isn't followed completely, but at least the environment by default is 
wiped and PATH is controlled for the most part.

Originally the commands were called explicitly, e.g. 
/usr/kerberos/sbin/kadmin.local, but because of the Fedora 14 issue we had to 
rely on PATH (see d0ea0bb63891babd1c5778df2e291b527c8e927c).

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to