From owner-freebsd-hackers  Tue Jun 25 01:43:16 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id BAA02864
          for hackers-outgoing; Tue, 25 Jun 1996 01:43:16 -0700 (PDT)
Received: from proxy.siemens.at (proxy.siemens.at [192.138.228.19])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id BAA02364;
          Tue, 25 Jun 1996 01:37:57 -0700 (PDT)
Received: from sol1.gud.siemens.co.at (sol-f.gud.siemens-austria) by proxy.siemens.at with SMTP id AA12616
  (5.67a/IDA-1.5); Tue, 25 Jun 1996 10:36:56 +0200
Received: from ws2301.gud.siemens.co.at by sol1.gud.siemens.co.at with smtp
	(Smail3.1.28.1 #7 for <hackers@FreeBSD.ORG>) 
	id m0uYTc3-00021HC; Tue, 25 Jun 96 10:36 MET DST
Received: by ws2301.gud.siemens.co.at (1.37.109.16/1.37)
	id AA269621747; Tue, 25 Jun 1996 10:35:47 +0200
From: "Hr.Ladavac" <lada@ws2301.gud.siemens.co.at>
Message-Id: <199606250835.AA269621747@ws2301.gud.siemens.co.at>
Subject: Re: I need help on this one - please help me track this guy down!
To: davidg@root.com
Date: Tue, 25 Jun 1996 10:35:46 +0200 (MESZ)
Cc: gpalmer@FreeBSD.ORG, vince@mercury.gaianet.net, mark@grumble.grondar.za,
        hackers@FreeBSD.ORG, security@FreeBSD.ORG, chad@mercury.gaianet.net,
        jbhunt@mercury.gaianet.net
In-Reply-To: <199606250714.AAA03862@root.com> from "David Greenman" at Jun 25, 96 00:14:37 am
X-Mailer: ELM [version 2.4 PL24 ME8a]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

In his e-mail David Greenman wrote:
> 
> >-Vince- wrote in message ID
> ><Pine.BSF.3.91.960624232727.21697c-100000@mercury.gaianet.net>:
> >> 	Hmmm, doesn't everyone have . as their path since all . does is allow
> >> someone to run stuff from the current directory...
> >
> >No, everyone does NOT have `.' in their paths! I most certainly don't,
> >as I know that it's ALL to easy to have someone break your system
> >security that way. Imagine if you are looking into something as root,
> >and have `.' in your path. You go into someone elses directory, and do
> >a `ls'. All they need is a wrapper program called `ls' in that dir
> >which copies /bin/sh to some directory, chowns it to root, then sets
> >the setuid bit, and THEN exec's ls with the arguments given, an BANG,
> >there goes your system security.
> 
>    Actually, this particular problem can be avoided by putting "." last in
> the search path rather than first.

But Trojan mroe versus okay more can not.  Current directory has no place in
path.  Not even for a normal user.  root should not have any path whatsoever;
even though this is a tad too paranoid.

/Marino
> 
> -DG
> 
> David Greenman
> Core-team/Principal Architect, The FreeBSD Project
>