@wxcafe@social.wxcafe.net human trusts in their $PATH to be nonpoisonous?
how funny

@wxcafe@social.wxcafe.net what you don't know is your sudo has been redirecting to a sudo binary in a hidden directory in your $PATH that logs your password and passes it to sudo so sudo still works but it has your password

@boots @wxcafe Trusted Path Execution of grsecurity.org then. (also which/where/whereis/echo $PATH are your friends here)

@lanodan_tmp @wxcafe@social.wxcafe.net people accidentally type their passwords into their shells and don't scrub it from ~/.[shell]_history i think expecting people to check that is asking a bit

@lanodan_tmp @wxcafe@social.wxcafe.net also, you didn't consider the possibility of "which where when why" all also being poisoned

once a competent enough attacker has control of your ~/.[shell]_profile, all they have to do is wait for you to mess up

@boots @wxcafe
which which
/usr/bin/which which
where which
which where

And so on, also if you’re like… uh what about compilers and not trusting binaries there is something about that too in reproducible builds.
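
As an added example (not part of any post in this thread): a POSIX shell function that walks a PATH string by hand, without calling `which`, and reports what a command such as `sudo` resolves to, flagging hidden or relative PATH entries and a first match outside an allow-list. The names `audit_path` and `TRUSTED_DIRS`, and the directories in that list, are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. TRUSTED_DIRS is an assumed allow-list
# of system directories; adjust it for your distribution.
TRUSTED_DIRS="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# audit_path CMD [PATH_STRING]
# Walks PATH by hand (no which/whereis) and prints one line per finding.
# Exit status is 1 if anything suspicious was found, 0 otherwise.
audit_path() (
    cmd=$1
    path="${2-$PATH}:"          # trailing ':' keeps a final empty entry
    rc=0 first=""
    set -f                      # take PATH entries literally, no globbing
    IFS=:
    for dir in $path; do
        case $dir in            # empty or relative entries depend on the cwd
            "" | [!/]*) printf '%s\n' "RELATIVE: '$dir'"; rc=1 ;;
        esac
        case "/$dir/" in        # any path component starting with a dot
            */.[!./]*) printf '%s\n' "HIDDEN: $dir"; rc=1 ;;
        esac
        d=${dir:-.}
        [ -f "$d/$cmd" ] && [ -x "$d/$cmd" ] || continue
        if [ -n "$first" ]; then
            printf '%s\n' "SHADOWED: $d/$cmd"
            continue
        fi
        first=$d/$cmd           # first match is what the shell would run
        printf '%s\n' "RESOLVES: $cmd -> $first"
        case ":$TRUSTED_DIRS:" in
            *":$d:"*) ;;
            *) printf '%s\n' "UNTRUSTED: $first is outside TRUSTED_DIRS"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Audit the current PATH for sudo (or the command given as $1).
audit_path "${1:-sudo}" || echo "review the findings above"
```

Run it with `sh` from a fresh non-interactive shell so that aliases and functions defined in a profile file are not in play; it only inspects PATH and does not verify the binaries themselves.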