Re: [PATCH] Prefer getenv("HOME") to find the UNIX home directory

Kyotaro Horiguchi <horikyota.ntt@gmail.com>

From: Kyotaro Horiguchi <horikyota.ntt@gmail.com>
To: andersk@mit.edu
Cc: alvherre@alvh.no-ip.org, pgsql-hackers@lists.postgresql.org
Date: 2021-10-20T05:40:14Z
Lists: pgsql-hackers
At Tue, 19 Oct 2021 02:44:03 -0700, Anders Kaseorg <andersk@mit.edu> wrote in 
> On 10/19/21 01:34, Kyotaro Horiguchi wrote:
> > I tend to agree to this, but seeing ssh ignoring $HOME, I'm not sure
> > it's safe that we follow the variable at least when accessing
> > confidentiality(?) files.  Since I don't understand the exact
> > reasoning for the ssh's behavior so it's just my humbole opinion.
> 
> According to https://bugzilla.mindrot.org/show_bug.cgi?id=3048#c1, it
> used to be supported to install the ssh binary as setuid.  A
> setuid/setgid binary needs to treat all environment variables with
> suspicion: if it can be convinced to write a file to $HOME with root
> privileges, then a user who modifies $HOME before invoking the binary
> could cause it to write to a file that the user normally couldn’t.
> 
> There’s no such concern for a binary that isn’t setuid/setgid.  Anyone
> with the ability to modify $HOME can be assumed to already have full
> control of the user account.

Thansk for the link.  Still I'm not sure it's the fact but it sounds
reasonable enough.  If that's the case, I vote +1 for psql or other
commands honoring $HOME.

regards.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center

Commits

  1. Clean up messy API for src/port/thread.c.

  2. Prefer $HOME when looking up the current user's home directory.