From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 18479 invoked by alias); 12 Sep 2014 23:06:42 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 18452 invoked by uid 89); 12 Sep 2014 23:06:42 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.2 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Fri, 12 Sep 2014 23:06:41 +0000 Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s8CN6eTq028706 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 12 Sep 2014 19:06:40 -0400 Received: from [10.3.113.7] ([10.3.113.7]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s8CN6d4C004884 for ; Fri, 12 Sep 2014 19:06:39 -0400 Message-ID: <54137C7F.1040507@redhat.com> Date: Fri, 12 Sep 2014 23:13:00 -0000 From: Eric Blake User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.7.0 MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: Cannot exec() program outside of /bin if PATH is unset References: <5413271B.1010109@t-online.de> <54134A83.80107@redhat.com> <54135451.3060902@t-online.de> <601154762.20140913012935@yandex.ru> <541378C4.6030705@t-online.de> <54137BDE.6040907@redhat.com> In-Reply-To: <54137BDE.6040907@redhat.com> OpenPGP: url=http://people.redhat.com/eblake/eblake.gpg Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="jPHAVdLlqGja9BaoQvw6oGexdBIdWCbfh" X-IsSubscribed: yes X-SW-Source: 2014-09/txt/msg00220.txt.bz2 --jPHAVdLlqGja9BaoQvw6oGexdBIdWCbfh Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-length: 1118 On 09/12/2014 05:03 PM, Eric Blake wrote: > On 09/12/2014 04:50 PM, Christian Franke wrote: >> Andrey Repin wrote: >>>> Hmm... is postfix actually broken? >>>> Unsetting PATH is IMO sane (from the POSIX POV) if all exec() calls use >>>> absolute path names. >>> If all exec() calls are made with full paths, unsetting $PATH does not >>> improve >>> security in any way, >> >> Of course. But postfix could be configured to run "unknown" external >> programs through its various daemons. In this case, a fixed (here: >> empty) PATH improves security. If not convinced, please discuss with the >> author of postfix :-) >=20 > An empty PATH leaves it up to the implementation what helpers get run > (if it doesn't fall over first), which is LESS secure than a guaranteed > safe PATH of confstr(_CS_PATH). By the way, passing a _safe_ PATH to your child process IS a good idea for security-conscious programs, but you have to do it correctly (by passing an actual safe path, and NOT by completely unsetting PATH). --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --jPHAVdLlqGja9BaoQvw6oGexdBIdWCbfh Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" Content-length: 539 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg iQEcBAEBCAAGBQJUE3x/AAoJEKeha0olJ0NqkpsIAIyAlikVTCfvsO7KugJdmHdb y6f+HBS9H1rjMhV7hwyunvv4b+n/cZ7xYu3uqz8HXVba9MikrfJ0k8Spa3d9XHbt JTfb0qBId2V1P006hR3bS95KmhZzYM8/R1+dyXup7I3FtXjXG/3S8Vs1+xa4/AZS XN0ccfaf+Jcvubzm0YUP7skiHpO2l7pbMWo/SKuqHxtuLSjicA7GNjVW3kDpj2iq h1aL2E4mx/YoJqLlwqxoqt9zQ6FDIgCMeXTNIrXJ9N8Yxl7vklitG2drJsvyf5ys okp/HTqKN0pMfCjgsAytJjZzh1hAG2yvaaTSIGRvFe5fD5zmXAWRakjzbIWGS6M= =t9Kv -----END PGP SIGNATURE----- --jPHAVdLlqGja9BaoQvw6oGexdBIdWCbfh--