[arch-projects] [dbscripts] [RFC] Perform all database and copy operations using a dedicated user

Thomas Bächler thomas at archlinux.org
Sun Nov 3 10:47:53 EST 2013

Am 03.11.2013 14:47, schrieb Dave Reisner:
>> +switch_user() {rror
>> +	local user
>> +
>> +	user=$(whoami)
> I'm not sure what sort of security this is meant to introduce, but it's
> easy to forge a binary called 'whoami' which returns whatever you want
> and put it higher in your PATH. It's equally easy to override the USER
> environment var, and even readonly variables like UID.
> Suggestions:
> 1) Explicitly call /usr/bin/whoami or /usr/bin/id
> 2) Maybe there's a way to use sudo directly for authentication as well?
> Thinking about something with 'sudo -l $binary'.

Actually, now that you mention it, $USER should be sufficient. This
check only ensures that we switch users whenever we should. If someone
works around it, it will only lead to errors since permissions are

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-projects/attachments/20131103/6ac4ae8e/attachment.asc>

More information about the arch-projects mailing list