From owner-freebsd-hackers Tue Jun 25 00:14:47 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA25156 for hackers-outgoing; Tue, 25 Jun 1996 00:14:47 -0700 (PDT) Received: from root.com (implode.root.com [198.145.90.17]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id AAA25128; Tue, 25 Jun 1996 00:14:40 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by root.com (8.7.5/8.6.5) with SMTP id AAA03862; Tue, 25 Jun 1996 00:14:37 -0700 (PDT) Message-Id: <199606250714.AAA03862@root.com> X-Authentication-Warning: implode.root.com: Host localhost [127.0.0.1] didn't use HELO protocol To: "Gary Palmer" cc: -Vince- , Mark Murray , hackers@FreeBSD.ORG, security@FreeBSD.ORG, Chad Shackley , jbhunt Subject: Re: I need help on this one - please help me track this guy down! In-reply-to: Your message of "Tue, 25 Jun 1996 07:58:32 BST." <29209.835685912@palmer.demon.co.uk> From: David Greenman Reply-To: davidg@root.com Date: Tue, 25 Jun 1996 00:14:37 -0700 Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >-Vince- wrote in message ID >: >> Hmmm, doesn't everyone have . as their path since all . does is allow >> someone to run stuff from the current directory... > >No, everyone does NOT have `.' in their paths! I most certainly don't, >as I know that it's ALL to easy to have someone break your system >security that way. Imagine if you are looking into something as root, >and have `.' in your path. You go into someone elses directory, and do >a `ls'. All they need is a wrapper program called `ls' in that dir >which copies /bin/sh to some directory, chowns it to root, then sets >the setuid bit, and THEN exec's ls with the arguments given, an BANG, >there goes your system security. Actually, this particular problem can be avoided by putting "." last in the search path rather than first. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project