From: Veggy Vinny
To: Mark Murray
cc: Warner Losh, current@FreeBSD.org
Subject: Re: /usr/bin/install in -current broken
Date: Thu, 10 Oct 1996 00:45:51 -0700 (PDT)
In-Reply-To: <199610100603.IAA12278@grumble.grondar.za>

On Thu, 10 Oct 1996, Mark Murray wrote:

> Veggy Vinny wrote:
> > Hmmm, is moving the '.' to the last component in the path still a
> > security risk? I guess you are right that I don't want to have it in
> > root's path but I guess as the last component it should be okay since no
> > one can name something with the same name and have me run it... =)
>
> Of course. All someone has to do is name a script/trojan/whatever
> as anything that is commonly mistyped to get you.
>
> How often do you type (for instance)
>
> l s-al for ls -al
> fin or fnid for find
> etc?

Not that often...

> This leaves (in these cases) l, fin and fnid open for an attacker.

It seems like on our machines, they don't hack by logging in to the
machine but I don't know what they did to put a program in a port and then
they telnet to it to get root shell without even logging in...

Cheers,
-Vince-
GaiaNet Corporation Unix Networking Operation
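The risk discussed in this thread, a '.' anywhere in the search path (even as the last component), can be checked mechanically. The shell function below is an added example, not part of the original message; the name `audit_path` and the sample PATH value are assumptions, and it goes slightly beyond the thread by also flagging empty entries (which the shell searches as the current directory) and world-writable directories, which carry the same risk of a planted command.

```shell
#!/bin/sh
# Added example: audit a PATH string for components that let a planted
# file run. audit_path is a hypothetical helper name, not a system tool.
# It prints one finding per risky component and nothing for a clean PATH.
audit_path() {
    rest="$1:"          # trailing colon keeps a final empty component
    position=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        position=$((position + 1))
        case $entry in
            '')
                echo "PATH[$position]: empty entry, searched as the current directory"
                continue ;;
            /*) ;;      # absolute: check its permissions below
            *)
                echo "PATH[$position]: relative entry '$entry', resolved against the current directory"
                continue ;;
        esac
        if [ -d "$entry" ]; then
            # Character 9 of the ls mode string is the "other" write bit.
            mode=$(ls -ldL "$entry" | cut -c1-10)
            case $mode in
                ????????w?)
                    echo "PATH[$position]: $entry is world-writable, any local user can add commands to it" ;;
            esac
        fi
    done
    return 0
}

# Constructed sample value: '.' moved to the end, as proposed in the thread.
audit_path "/usr/local/bin:/usr/bin:/bin:."
```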