Score:0

Ubuntu

Can a non-root modify environment variables?

Trigosin Darom

1/12/23, 11:08 AM

Can a non-root (without sudo permissions) run the following command:

export PATH=/tml:$PATH

If so, how does it work?

I thought environment variables are read-only for non-root users, while shell variables can be modified freely.

0 + 0

bash

environment-variables

muru

1/12/23, 11:21 AM

"I thought environment variables are read-only," Why did you think that?

Trigosin Darom

1/12/23, 11:25 AM

@muru for non-root users

muru

1/12/23, 11:53 AM

The question remains. What did you read or see that makes you think so?

Trigosin Darom

1/12/23, 12:39 PM

To my understanding, environment variables (unlike shell variables) are global. Which means they apply to every process. This is very dangerous if any user can modify values there.

muru

1/12/23, 12:41 PM

Every process has a *copy* of environment variables inherited from its parent, and can modify its own set of environment variables and also the set of environment variables passed to child processes upon creation.

Trigosin Darom

1/12/23, 12:50 PM

The reason I'm asking is because I tried to solve a ctf challenge where there was a weak user with a sudo permission to run "date --date 'yesterday'" as root. The solution was to create an executable named 'date' and change the PATH env variable so it will reach the modified 'date' executable. I'm still not sure how it works because root's PATH variable shouldn't be affected.

muru

1/12/23, 2:15 PM

That still shouldn't have worked as stated. For sudo, if permission is given for a specific command, the full path to that command has to be specified. If it worked for you, the sudo configuration was some very insecure thing.

Score:1

Ubuntu

sudodus

1/12/23, 11:27 AM

The output of the following commands should convince you that you can modify your environment variables.

$ grep PATH ~/.profile 
# set PATH so it includes user's private bin if it exists
    PATH=~/bin:"${PATH}"
PATH="$PATH:/usr/games"

$ ls -l ~/.profile
-rw-r--r-- 1 sudodus sudodus 632 dec 10  2010 /home/sudodus/.profile

In other words, you can not only modify these variables temporarily, but also make it persist by modifying your configuration file ~/.profile. You, as a regular user can do it.

The following command line shows system files, where the PATH is set or modified

sudo grep -r 'PATH=' /etc/*

You may want to get more details. See for example the following link,

Unix & Linux: Complete view of where the PATH variable is set in bash - particularly the answer by Gilles.

0 + 0

Trigosin Darom

1/12/23, 11:29 AM

So any user can change environment variables GLOBALY? And it will apply on root as well? Seems like I'm missing something here.

sudodus

1/12/23, 11:31 AM

You can change ***your*** environment variables, but not for other users unless you have superuser permisisons (can use `sudo`).

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can a non-root modify environment variables?

TH: ตัวแปรสภาพแวดล้อมที่ไม่ใช่รูทสามารถแก้ไขได้หรือไม่

RO: Poate un non-root să modifice variabilele de mediu?

RU: Может ли пользователь без полномочий root изменять переменные среды?

VI: Biến môi trường không phải root có thể sửa đổi không?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.