From owner-freebsd-hackers Tue Jun 25 00:14:00 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA25009 for hackers-outgoing; Tue, 25 Jun 1996 00:14:00 -0700 (PDT) Received: from grumble.grondar.za (root@grumble.grondar.za [196.7.18.130]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id AAA24973; Tue, 25 Jun 1996 00:13:50 -0700 (PDT) Received: from grumble.grondar.za (mark@localhost.grondar.za [127.0.0.1]) by grumble.grondar.za (8.7.5/8.7.3) with ESMTP id JAA08662; Tue, 25 Jun 1996 09:12:52 +0200 (SAT) Message-Id: <199606250712.JAA08662@grumble.grondar.za> To: -Vince- cc: Mark Murray , hackers@FreeBSD.org, security@FreeBSD.org, Chad Shackley , jbhunt Subject: Re: I need help on this one - please help me track this guy down! Date: Tue, 25 Jun 1996 09:12:50 +0200 From: Mark Murray Sender: owner-hackers@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk -Vince- wrote: > > > Hmmm, doesn't everyone have . as their path since all . does is allow > > > someone to run stuff from the current directory... > > > > Not root! this leaves you wide open for trojans. As root you should > > have to type ./foo to run foo in the current directory. > > Hmmm, really? It seems like almost all systems root has . for the > path but if the directory for root is like read, write, execute by root > only, how will they get into it? Example: user suspects you may be a DOS user, and are likely to try to type the "dir" or "cls" command every now and then (by mistake). In his home directory he places a script called "dir" that creates a suid shell (silently) then prints the usual "command not found" error. He then phones you, asking for support, and tries to trick you into running his script. Having "." in your path makes his trickery easier. Voila! M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 Finger mark@grondar.za for PGP key