Date: Wed, 24 Jul 1996 06:43:20 -0700 (MST)
From: Don Yuniskis <dgy@rtd.com>
To: paradox@pegasus.rutgers.edu (Red Barchetta)
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: your mail
Message-ID: <199607241343.GAA15489@seagull.rtd.com>
In-Reply-To: <199607241254.IAA08136@pegasus.rutgers.edu> from "Red Barchetta" at Jul 24, 96 08:54:01 am
It seems that Red Barchetta said:
>
> From: Red Barchetta <paradox@pegasus.rutgers.edu>
> Subject: Re: ["Ian Kallen" <ian@gamespot.com>: Re: Install Q& A]
> In-Reply-To: Your message of Wed, 24 Jul 1996 08:37:35 -0400
>
> > (shudder) ... let me give you an example...
> >
> > User A says that he cannot read a file in his home area... you cd to
> > his home area and type 'ls'. You note that the permissions on the
> > file were 111 and send him mail saying he needs to change his
> > permissions. You then go about your business thinking everything is
> > ok... but what really happened is that the user had created an
> > executable in his home directory called 'ls' and since '.' was in
> > your path before /bin, you executed the local one. And the local one
> > copied /bin/sh to ~A/.tmp and made it setuid, and then erased the
> > offending copy in the local directory and then executed the _real_ ls
> > with the flags you specified.
> >
> > Now the user has root access. Surprise. This is one of the simplest
> > examples.. there are better ones ;-).
>
> Makes sense. Two questions stem from that, though:
>
> 1) is there any reason that just plain old joe user should avoid '.'
> in his path? (I don't see any, but just to make sure.)

Same as above. "joe user" doesn't want to give *his* permissions away!

> 2) if '.' appears as the very last entry in root's path is this
> still considered a security risk? I'm not so lazy that I'm not
> willing to type './command' as root--- just really curious about
> this type of stuff!

I think the point of *forcing* you to type the "./" is hopefully a
reminder that you are executing an "alien" -- and potentially hostile --
program.
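The 'ls' story above comes down to one rule: no PATH entry may be a directory that someone other than root can write to, and '.' (or an empty field, which means the same thing) is the most common way that rule gets broken. The shell function below is an added example, not code from this thread or from FreeBSD; it audits a PATH string and reports every entry that violates the rule, using only POSIX sh, ls and cut.

```sh
#!/bin/sh
# Added example, not part of the thread: audit a PATH value for entries that
# let someone else's directory shadow a system command, as in the 'ls' story
# above. Each finding is printed on one line; the function returns 0 when the
# PATH is clean and 1 when at least one finding was printed.
audit_path() {
    path="${1:-$PATH}"
    rc=0
    rest="$path:"                    # trailing ':' so an empty last field is seen
    while [ -n "$rest" ]; do
        dir="${rest%%:*}"            # field before the first ':'
        rest="${rest#*:}"            # everything after it
        case "$dir" in
            "" | .)
                # Both forms mean "the current directory", wherever that is.
                echo "UNSAFE: '${dir:-<empty>}' puts the current directory in PATH"
                rc=1 ;;
            /*)
                if [ ! -d "$dir" ]; then
                    echo "WARN: $dir does not exist (could be created later)"
                    rc=1
                else
                    # Permission string of the directory itself; -L follows a
                    # symlink so /bin -> usr/bin is judged by its target.
                    perm=$(ls -ldL "$dir" | cut -c1-10)
                    case "$perm" in
                        ????????w?) echo "UNSAFE: $dir is world-writable ($perm)"; rc=1 ;;
                        ?????w????) echo "WARN: $dir is group-writable ($perm)"; rc=1 ;;
                    esac
                fi ;;
            *)
                # Relative entries resolve against the current directory too.
                echo "UNSAFE: relative entry '$dir'"
                rc=1 ;;
        esac
    done
    return $rc
}
```

Call `audit_path` with no argument to check the current shell's PATH, or pass a candidate string such as the one from a login script before installing it.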
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607241343.GAA15489>