sudo: restrict PATH to protect against privilege escalation attacks
Protect from simple privilege escalation attacks on scripts that are
granted privileged execution for unprivileged users by restricting
the PATH to a static set.
Without doing so, it is a trivial attack to provide a binary used
by a privileged script that executes former without an absolute path
to escalate privileges by gaining code execution through that binary.
Anything run with elevated privileges through sudo shall never ever
have the possibility to pass on the unsanatized PATH from an
unprivileged user.
Signed-off-by:
Levente Polyak <anthraxx@archlinux.org>
Please register or sign in to comment