From owner-freebsd-security Tue Jun 25 02:03:04 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id CAA04679 for security-outgoing; Tue, 25 Jun 1996 02:03:04 -0700 (PDT)
Received: from gallup.cia-g.com (root@gallup.cia-g.com [206.206.162.10]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id CAA04667 for ; Tue, 25 Jun 1996 02:02:59 -0700 (PDT)
Received: from gallup.cia-g.com (gallup.cia-g.com [206.206.162.10]) by gallup.cia-g.com (8.6.11/8.6.9) with SMTP id DAA18993 for ; Tue, 25 Jun 1996 03:04:09 -0600
Date: Tue, 25 Jun 1996 03:04:08 -0600 (MDT)
From: Stephen Fisher
To: security@freebsd.org
Subject: Re: I need help on this one - please help me track this guy down!
In-Reply-To: <199606250714.AAA03862@root.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

And for the example of people putting an sl (mistyped ls) or something in
/tmp, I mount world-writable directories with "noexec".

On Tue, 25 Jun 1996, David Greenman wrote:

> >-Vince- wrote in message ID
> >:
> >> Hmmm, doesn't everyone have . as their path since all . does is allow
> >> someone to run stuff from the current directory...
> >
> >No, everyone does NOT have `.' in their paths!  I most certainly don't,
> >as I know that it's ALL too easy to have someone break your system
> >security that way.  Imagine if you are looking into something as root,
> >and have `.' in your path.  You go into someone else's directory, and do
> >a `ls'.  All they need is a wrapper program called `ls' in that dir
> >which copies /bin/sh to some directory, chowns it to root, then sets
> >the setuid bit, and THEN exec's ls with the arguments given, and BANG,
> >there goes your system security.
>
>    Actually, this particular problem can be avoided by putting "." last in
> the search path rather than first.
>
> -DG
>
> David Greenman
> Core-team/Principal Architect, The FreeBSD Project

- Steve -
Systems Manager - Community Internet Access - http://www.cia-g.com