From owner-freebsd-security Tue Jun 25 00:32:59 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA27035 for security-outgoing; Tue, 25 Jun 1996 00:32:59 -0700 (PDT)
Received: from mercury.gaianet.net (root@mercury.gaianet.net [206.171.98.26]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id AAA27013; Tue, 25 Jun 1996 00:32:54 -0700 (PDT)
Received: (from vince@localhost) by mercury.gaianet.net (8.7.5/8.6.12) id AAA06854; Tue, 25 Jun 1996 00:32:34 -0700 (PDT)
Date: Tue, 25 Jun 1996 00:32:34 -0700 (PDT)
From: -Vince-
To: David Greenman
cc: Gary Palmer , Mark Murray , hackers@FreeBSD.ORG, security@FreeBSD.ORG, Chad Shackley , jbhunt
Subject: Re: I need help on this one - please help me track this guy down!
In-Reply-To: <199606250714.AAA03862@root.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 25 Jun 1996, David Greenman wrote:

> >-Vince- wrote in message ID
> >:
> >> Hmmm, doesn't everyone have . as their path since all . does is allow
> >> someone to run stuff from the current directory...
> >
> >No, everyone does NOT have `.' in their paths! I most certainly don't,
> >as I know that it's ALL too easy to have someone break your system
> >security that way. Imagine if you are looking into something as root,
> >and have `.' in your path. You go into someone else's directory, and do
> >a `ls'. All they need is a wrapper program called `ls' in that dir
> >which copies /bin/sh to some directory, chowns it to root, then sets
> >the setuid bit, and THEN exec's ls with the arguments given, and BANG,
> >there goes your system security.
>
> Actually, this particular problem can be avoided by putting "." last in
> the search path rather than first.

Hmmm, that's what I've noticed is everyone having "." last on the
path and not first. My .cshrc's path is actually from ref.tfs.com when
it was the 386bsd days...

Vince
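
A check for the search-path issue discussed in this thread, as an added example that is not part of the original message: a POSIX sh function that reports every search-path entry resolving to the current directory, in whatever position it appears. It goes beyond the thread's literal "." case by also flagging empty entries (a leading, trailing or doubled colon) and relative directories, which the shell resolves the same way; the function name `audit_path` and its output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a search path for entries that depend on the
# current working directory. Not code from the thread; the name
# audit_path and the "position:kind:entry" output are illustrative.

# audit_path PATHSTRING
# Prints one line per flagged entry as "position:kind:entry".
# Returns 0 when the path is clean, 1 when anything was flagged.
audit_path() {
    path_str=$1
    pos=0
    found=0
    # Append a colon so a trailing empty entry survives the split.
    rest="${path_str}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first colon
        rest=${rest#*:}        # text after the first colon
        pos=$((pos + 1))
        case $entry in
            '')   kind=empty ;;     # empty entry means the current directory
            .|./) kind=dot ;;       # explicit current directory
            /*)   continue ;;       # absolute path: independent of cwd
            *)    kind=relative ;;  # resolved against the current directory
        esac
        printf '%s:%s:%s\n' "$pos" "$kind" "$entry"
        found=1
    done
    return "$found"
}

# Typical use on a login shell or from a root profile check:
#   audit_path "$PATH" || echo "search path contains cwd-dependent entries"
```
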