[arch-devops] restricting sudoers PATH
Hi all,

Thanks to anthraxx, we now restrict the PATH which `sudo extra-x86_64-build` and other sudoers-specific infra uses using restrict_path. To circumvent users overriding their own PATH with tools which are used in our build scripts, which basically allows privilege escalation. [1]

This shouldn't cause any issues; if it does, contact me or anthraxx.

[1] https://git.archlinux.org/infrastructure.git/commit/?id=1eb1dd41f8c734380a38...

Greetings,
Jelle
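The PATH restriction described above, as an added example that is not part of the original thread or of the Arch infrastructure repository (the restrict_path change the thread links to is not reproduced here; this uses sudo's standard `secure_path` and `env_keep` Defaults options instead): a small POSIX shell audit that reads a sudoers file and reports whether a sudo-invoked command would inherit the caller's PATH. The `%devs` group, the `/usr/bin/extra-x86_64-build` command path and the sample sudoers contents are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the Arch infrastructure repository.
# Audits a sudoers file for the two Defaults that decide whether the
# invoking user's PATH reaches a command run through sudo:
#   - secure_path must be set (sudo then ignores the caller's PATH)
#   - PATH must not be re-added through env_keep
# Only the given file is inspected; @include/#include directives are not
# followed, and backslash-continued lines are not joined.

# Constructed weak configuration: env_reset alone does not pin PATH, and
# env_keep += "PATH" explicitly passes the caller's PATH through.
write_weak_sudoers() {
  cat > "$1" <<'EOF'
# constructed sample (assumed group and command path)
Defaults env_reset
Defaults env_keep += "PATH"
%devs ALL=(root) NOPASSWD: /usr/bin/extra-x86_64-build
EOF
}

# Constructed hardened configuration: a fixed secure_path, no env_keep PATH.
write_hardened_sudoers() {
  cat > "$1" <<'EOF'
# constructed sample (assumed group and command path)
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
%devs ALL=(root) NOPASSWD: /usr/bin/extra-x86_64-build
EOF
}

# Strip leading whitespace, comment lines and blank lines so every
# Defaults directive (including Defaults:user / Defaults@host forms)
# starts at column one.
normalize() {
  sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1"
}

# Returns 0 when secure_path is set and PATH is not preserved via env_keep,
# 1 otherwise, printing one line per finding.
audit_sudoers() {
  file="$1"
  status=0
  if normalize "$file" | grep -Eq '^Defaults[^#]*secure_path[[:space:]]*='; then
    echo "ok: secure_path is set in $file"
  else
    echo "WARN: no secure_path in $file; sudo commands use the caller's PATH"
    status=1
  fi
  # '+?=' matches both 'env_keep =' and 'env_keep +=' but not 'env_keep -='.
  if normalize "$file" | grep -Eq '^Defaults[^#]*env_keep[[:space:]]*\+?=.*[[:space:]"]PATH([[:space:]"]|$)'; then
    echo "WARN: PATH is in env_keep in $file; the caller's PATH is passed through"
    status=1
  fi
  return $status
}

# Stand-alone demo: audit a weak and a hardened sample side by side.
demo() {
  dir=$(mktemp -d)
  write_weak_sudoers "$dir/weak"
  write_hardened_sudoers "$dir/hardened"
  audit_sudoers "$dir/weak" || true
  audit_sudoers "$dir/hardened"
  rm -rf "$dir"
}
```

Run `demo` to see both outcomes, or point `audit_sudoers` at a real file (`audit_sudoers /etc/sudoers`; `/etc/sudoers.d/*` files must be checked individually since includes are not followed). The check only covers PATH; a caller can still influence a root-run script through other inherited variables, so an `env_reset` with a minimal `env_keep` list is what the hardened sample pairs with `secure_path`.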
On 9/3/19 10:35 AM, Jelle van der Waa wrote:
> Hi all,
>
> Thanks to anthraxx, we now restrict the PATH which `sudo extra-x86_64-build` and other sudoers-specific infra uses using restrict_path. To circumvent users overriding their own PATH with tools which are used in our build scripts, which basically allows privilege escalation. [1]
>
> This shouldn't cause any issues; if it does, contact me or anthraxx.
>
> [1] https://git.archlinux.org/infrastructure.git/commit/?id=1eb1dd41f8c734380a38...
Thanks, anthraxx! I was a bit surprised to find out that I could just drop arbitrary scripts like "arch-nspawn" into $HOME/bin and get root on soyuz/dragon without even trying. :/

Note: this also applied to the "archive" user on orion, which is not a build box and also wouldn't allow root, but would allow any Dev/TU to scribble all over archive.archlinux.org (which is supposed to only allow adding new files, not deleting old ones).

--
Eli Schwartz
Bug Wrangler and Trusted User
On September 3, 2019 11:35 Jelle van der Waa wrote:
> Thanks to anthraxx, we now restrict the PATH which `sudo extra-x86_64-build` and other sudoers-specific infra uses using restrict_path. To circumvent users overriding their own PATH with tools which are used in our build scripts, which basically allows privilege escalation. [1]
>
> This shouldn't cause any issues; if it does, contact me or anthraxx.
>
> [1] https://git.archlinux.org/infrastructure.git/commit/?id=1eb1dd41f8c734380a38...
Thanks guys. Step by step we're hardening our roles. Next step, separate /usr mounted with nosuid. Next, next step, restricting sudoers even further.

Cheers,
Giancarlo Razzolini