Date:      Tue, 25 Jun 1996 03:04:08 -0600 (MDT)
From:      Stephen Fisher <lithium@cia-g.com>
To:        security@freebsd.org
Subject:   Re: I need help on this one - please help me track this guy down! 
Message-ID:  <Pine.LNX.3.91.960625030254.18898A-100000@gallup.cia-g.com>
In-Reply-To: <199606250714.AAA03862@root.com>


And as for the example of people putting an sl (mistyped ls) or something in 
/tmp: I mount world-writable directories with "noexec".

On Tue, 25 Jun 1996, David Greenman wrote:

> >-Vince- wrote in message ID
> ><Pine.BSF.3.91.960624232727.21697c-100000@mercury.gaianet.net>:
> >> 	Hmmm, doesn't everyone have . as their path since all . does is allow
> >> someone to run stuff from the current directory...
> >
> >No, everyone does NOT have `.' in their paths! I most certainly don't,
> >as I know that it's ALL too easy to have someone break your system
> >security that way. Imagine if you are looking into something as root,
> >and have `.' in your path. You go into someone else's directory, and do
> >a `ls'. All they need is a wrapper program called `ls' in that dir
> >which copies /bin/sh to some directory, chowns it to root, then sets
> >the setuid bit, and THEN exec's ls with the arguments given, and BANG,
> >there goes your system security.
> 
>    Actually, this particular problem can be avoided by putting "." last in
> the search path rather than first.
> 
> -DG
> 
> David Greenman
> Core-team/Principal Architect, The FreeBSD Project
> 

 - Steve
  - Systems Manager
  - Community Internet Access
  - http://www.cia-g.com
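The hazard the thread describes can be checked mechanically. The following POSIX shell function is an added example, not code from the thread or from FreeBSD: it audits a PATH value and reports where any current-directory entry sits. It generalises from "." to every entry that is not an absolute path, because an empty entry ("/bin::/usr/bin" or a trailing colon) and a relative entry ("bin") are also resolved against the working directory.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PATH value for entries that
# make the shell search the current working directory.
#
# path_audit VALUE   prints each cwd-relative entry and returns:
#   0  no cwd-relative entry at all
#   1  one present, but only as the LAST entry (the position DG suggests)
#   2  one present before the last position (the case DG warns about)
path_audit() {
    rest="$1:"          # trailing colon sentinel so the loop sees every entry
    pos=0
    first_bad=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}        # text up to the next colon
        rest=${rest#*:}          # drop it and the colon
        pos=$((pos + 1))
        case $entry in
            /*) ;;               # absolute path: fine
            *)  printf 'entry %d (%s) is searched relative to the cwd\n' \
                    "$pos" "${entry:-<empty>}"
                if [ "$first_bad" -eq 0 ]; then first_bad=$pos; fi ;;
        esac
    done
    if [ "$first_bad" -eq 0 ]; then
        return 0
    elif [ "$first_bad" -eq "$pos" ]; then
        return 1
    else
        return 2
    fi
}

# Constructed sample PATH values mirroring the discussion: clean, "." last,
# "." first, and an empty entry in the middle (equivalent to ".").
for sample in '/bin:/usr/bin' '/bin:/usr/bin:.' '.:/bin:/usr/bin' '/bin::/usr/bin'
do
    rc=0
    path_audit "$sample" || rc=$?
    printf '%s -> verdict %d\n' "$sample" "$rc"
done
```

Running it against the live environment is just `path_audit "$PATH"`; a verdict of 2 is the configuration the thread argues against, and 1 is the "last in the search path" compromise.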
