MikeMcQuaid
commented
5 years ago That blog post is wrong in multiple ways.
malign code to hijack sudo with a command which could harvest the user password that lived in
/usr/local/bin/
Many users have user-writable directories in their PATH ahead of /usr/bin. Homebrew ensures that it sanitises the PATH so that it will never use an incorrect sudo.
If an application gets write access to your user writable directories there's many things they could do to attack you. For example, they can modify your user Bash (or any other number of) configuration to override any of this.
iandol
Possibly this has been raised before (I would have thought it would) but a search in Issues yielded no results; please read this first: https://applehelpwriter.com/2018/03/21/how-homebrew-invites-users-to-get-pwned/
The basic premise is that with homebrew installed, there is a higher potential for malign code to hijack sudo with a command which could harvest the user password that lived in
/usr/local/bin/(has user permissions and already higher in the path than/usr/bin). It seems this would be doable anyway in another user-owned folder but possibly involves an extra step editing the path. Anyway, I wondered if a simple check by brew to make sure that sudo was not being redirected to/usr/local/bin/wouldn't be worth considering? I'm no security expert so may well be barking up the wrong tree, or even in the wrong forest! 😰