From owner-freebsd-security Tue Jun 25 01:37:50 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id BAA02318 for security-outgoing; Tue, 25 Jun 1996 01:37:50 -0700 (PDT) Received: from grumble.grondar.za (root@grumble.grondar.za [196.7.18.130]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id BAA02304; Tue, 25 Jun 1996 01:37:34 -0700 (PDT) Received: from grumble.grondar.za (mark@localhost.grondar.za [127.0.0.1]) by grumble.grondar.za (8.7.5/8.7.3) with ESMTP id KAA08996; Tue, 25 Jun 1996 10:36:53 +0200 (SAT) Message-Id: <199606250836.KAA08996@grumble.grondar.za> To: -Vince- cc: Mark Murray , hackers@FreeBSD.org, security@FreeBSD.org, Chad Shackley , jbhunt Subject: Re: I need help on this one - please help me track this guy down! Date: Tue, 25 Jun 1996 10:36:52 +0200 From: Mark Murray Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk -Vince- wrote: > > Example: user suspects you may be a DOS user, and are likely to try > > to type the "dir" or "cls" command every now and then (by mistake). > > > > In his home directory he places a script called "dir" that creates a > > suid shell (silently) then prints the usual "command not found" error. > > > > He then phones you, asking for support, and tries to trick you into > > running his script. Having "." in your path makes his trickery easier. > > Hmmm, that's only if we had phone support.... We don't :) but do > admins really go run a program that the user said won't run? Don't pick details. The point is that there is the problem that you could be tricked (somehow) into running a user's script instead of a system binary. This can happen even if the "." is at the end of your path if the program/script is not the name of a system app. M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 Finger mark@grondar.za for PGP key