From owner-freebsd-questions Thu Sep 19 06:58:03 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id GAA18737 for questions-outgoing; Thu, 19 Sep 1996 06:58:03 -0700 (PDT)
Received: from cyclone.degnet.baynet.de (root@cyclone.degnet.baynet.de [194.95.214.129]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id GAA18317 for ; Thu, 19 Sep 1996 06:57:22 -0700 (PDT)
Received: from neuron (ppp3 [194.95.214.133]) by cyclone.degnet.baynet.de (8.6.12/8.6.9) with SMTP id QAA29100; Thu, 19 Sep 1996 16:01:23 +0200
Message-ID: <32416BBE.6EF8@degnet.baynet.de>
Date: Thu, 19 Sep 1996 15:50:36 +0000
From: Darius Moos
Reply-To: moos@degnet.baynet.de
X-Mailer: Mozilla 3.0Gold (Win95; I)
MIME-Version: 1.0
To: Nadav Eiron
CC: FreeBSD-questions
Subject: Re: Quick Question
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Yes, I did not consider this case. You all were right.
Thanks to Nadav Eiron, Hr.Ladavac and Benjamin Lewis for their replies.
Seems I have to change my PATH-variable now.

Darius Moos.

Nadav Eiron wrote:
> 
> On Thu, 19 Sep 1996, Darius Moos wrote:
> 
> > Yes you are right ... BUT this security-hole only occurs if you are a
> > lazy administrator (sorry, I do NOT want to say you are lazy).
> > I would never ever execute files as root that belong to other users.
> > Doing so is really a security-hole. The administrator always has a
> > simple user-account to play around in the system. It would be my
> > fault when I'm executing unknown programs as root. When I could not
> > resist, I'd do it as the unprivileged user.
> > The other point is that IMHO adding "." to the end of the PATH-variable
> > is harmless. Assume I had a user who wrote a little program that is
> > able to crash my system and names it "mv"; he saves it to his home-
> > directory and I as root am staying in his home-directory. Even when
> > I type "mv ..." the right thing would happen: "/bin/mv ..." would
> > be executed and NOT "/mv ...".
> > The other way, when "." is the first thing in the PATH, this would be
> > a security-hole introduced by the administrator.
> > Maybe I got something wrong ???
> 
> This has been discussed over and over...
> Assume that you mistype (well, I do a lot, I guess everybody does that
> once in a while). Let us further assume you tend to write ls-l instead of
> ls -l sometimes (I tend to do that). Now, if the devious user of yours
> will have a program called ls-l that does something harmful, and then
> does ls -l, you wouldn't even notice that something went wrong, and his
> program will be executed because there is nothing called ls-l in the
> "standard" path that comes before "." in PATH.
> 
> Nadav
> 
> > 
> > Darius Moos.
> > 
> > 
> > Benjamin Lewis wrote:
> > > 
> > > You wrote:
> > > > Please explain to me why this is a security-risk. I've always had
> > > > "." in my PATH.
> > > 
> > > Just imagine this scenario:
> > > 
> > > You are "root" and I am Mr. Evil Dude, a user on your system.
> > > 
> > > I compile a shell, and hide it somewhere in my directories, naming it something
> > > that seems harmless, like "irc."
> > > 
> > > Next, I write a little program that, when executed as root, changes the
> > > set-uid bit on my hidden shell. I name my little evil program "mroe" and have
> > > it return "mroe: Command not found." after doing its job.
> > > 
> > > Now, I create a really interesting looking directory in /tmp. Something like
> > > /tmp/WaReZ would probably get your attention. I write a diatribe against
> > > people who pirate software, and name it "README." I stick my little evil
> > > program in /tmp/WaReZ, and wait for you to find the directory.
> > > 
> > > You type "cd /tmp/WaReZ" and then "ls". You see the README file and the mroe
> > > file, but "mroe" doesn't mean anything to you. You decide to look at the
> > > README file to see what your crazy users are up to. Maybe I stick a whole
> > > bunch of different files in the directory to hide the "mroe" program better,
> > > all of them innocent seeming.
> > > 
> > > If I'm lucky, and you have fumbling fingers, my little program gets executed
> > > and I suddenly have a suid root shell, which I use to have my way with your
> > > computer and network. You don't notice that anything weird has happened,
> > > read my README file, decide that I'm a bit strange but obviously I'm an
> > > upright fellow since I'm against software piracy and think nothing more of
> > > it.
> > > 
> > > The moral of the story is that root should only execute programs in
> > > directories known to be controlled, unless he REALLY means to do otherwise.
> > > Therefore, root should not have "." in its path.
> > > 
> > > Hope this helps,
> > > 
> > > -Ben
> > > 
> > > --
> > > Benjamin Lewis - blewis@vet.purdue.edu
> > 
> > --
> > 
> > 
> > email: moos@degnet.baynet.de
> > 

-- 
email: moos@degnet.baynet.de
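The lookup rule the whole thread turns on, that the shell walks PATH from left to right and runs the first executable it finds, so a "." or an empty entry means "whatever is in the current directory", can be checked mechanically instead of by eye. The POSIX sh functions below are an added example, not code from the thread or from FreeBSD: audit_path flags every PATH entry that resolves relative to the current directory (".", an empty entry such as a leading, trailing or doubled colon, or any non-absolute path), and resolve_in_path reports which directory a given command name would be taken from under a given PATH, so an administrator can see where a mistyped name like Nadav's "ls-l" would land.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): audit a PATH value and
# show where a command name resolves under it.

# audit_path PATHSTRING
# Prints one line per entry that resolves relative to the current directory.
# Returns 0 when every entry is absolute, 1 when at least one is not.
audit_path() {
    path="$1"
    bad=0
    # Append a ':' so the last entry is handled by the same loop; an empty
    # entry (leading, trailing or doubled ':') is treated by sh as ".".
    rest="$path:"
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"
        rest="${rest#*:}"
        case "$entry" in
            "")  echo "empty entry (current directory)"; bad=1 ;;
            .)   echo ". (current directory)"; bad=1 ;;
            /*)  ;;                      # absolute path: fine for this check
            *)   echo "relative entry: $entry"; bad=1 ;;
        esac
    done
    return $bad
}

# resolve_in_path CMD PATHSTRING
# Prints the first "dir/CMD" that is an executable regular file, searching
# left to right exactly as the shell does; an empty entry is searched as ".".
# Returns 1 and prints nothing when CMD is found nowhere on that PATH.
resolve_in_path() {
    cmd="$1"
    rest="$2:"
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"
        rest="${rest#*:}"
        [ -z "$entry" ] && entry=.
        if [ -f "$entry/$cmd" ] && [ -x "$entry/$cmd" ]; then
            echo "$entry/$cmd"
            return 0
        fi
    done
    return 1
}

# Usage: report the risky entries of the calling shell's own PATH.
audit_path "$PATH" || echo "PATH has entries that resolve relative to the current directory"
```

The empty-entry case is the one most often missed: a PATH such as "/bin:/usr/bin:" (trailing colon) behaves exactly like "/bin:/usr/bin:." even though no "." is visible in it, so the audit treats both the same way.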