Privilege escalation via a key-logger is not a good example. It can be prevented by not letting a user write to a drive with execute permissions.
Preventing this exploit is relatively simple. Have a "super" PATH variable that trumps everything including functions, aliases, and the regular PATH variable. This variable could only be set by /etc/bash.bashrc, /etc/profile, or root. Its contents would look like PATH.

Example:
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
SPATH=/usr/secure-bin:/sbin:/usr/sbin:/usr/local/sbin

There would be soft-links to security-related binaries in the /usr/secure-bin folder.

--
password stealing via bashrc
https://bugs.launchpad.net/bugs/151831
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
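A sketch of the lookup proposed in the comment above, added here as an example; it is not part of the original message and not a bash feature. SPATH is the comment's hypothetical variable, and the function names spath_resolve and spath_check are invented for this illustration. It resolves a command only through SPATH and reports when the shell's normal lookup would run something else.

```shell
#!/bin/sh
# Added example: emulates the proposed lookup; SPATH is not a real bash feature.
# Default value is the SPATH line from the comment above.
SPATH=${SPATH:-/usr/secure-bin:/sbin:/usr/sbin:/usr/local/sbin}

# spath_resolve NAME: print the first executable NAME found in an SPATH
# directory. Aliases, functions and the regular PATH are never consulted.
spath_resolve() {
    case $1 in ''|*/*) return 2 ;; esac      # bare command names only
    _rest=$SPATH:
    while [ -n "$_rest" ]; do
        _dir=${_rest%%:*}
        _rest=${_rest#*:}
        case $_dir in /*) ;; *) continue ;; esac   # skip "", "." and relative entries
        if [ -f "$_dir/$1" ] && [ -x "$_dir/$1" ]; then
            printf '%s\n' "$_dir/$1"
            return 0
        fi
    done
    return 1
}

# spath_check NAME: return 0 if the shell's normal lookup would run the same
# file SPATH names, 1 if something else shadows it, 2 if SPATH has no NAME.
spath_check() {
    _trusted=$(spath_resolve "$1") || { echo "$1: not in SPATH"; return 2; }
    # command -v prints a bare name for functions/builtins, a path for PATH hits
    _actual=$(command -v "$1" 2>/dev/null) || _actual=
    case $_actual in
        /*) # -ef: same file, so a PATH hit on the symlink's target is fine
            if [ "$_actual" -ef "$_trusted" ]; then
                echo "$1: ok ($_trusted)"; return 0
            fi ;;
    esac
    echo "$1: shadowed by '${_actual:-nothing}', SPATH has $_trusted"
    return 1
}

# Check any command names given as arguments, e.g.: sh spath.sh sudo su passwd
for _c in "$@"; do spath_check "$_c" || :; done
```

Bash reports aliases through `command -v` only when alias expansion is enabled, so source the functions into an interactive shell to have aliases included in the check.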
