From owner-freebsd-questions  Wed Jul 24 10:01:38 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA00736
          for questions-outgoing; Wed, 24 Jul 1996 10:01:38 -0700 (PDT)
Received: from baygate.bayarea.net (baygate.bayarea.net [204.71.212.2])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA00717
          for <freebsd-questions@freebsd.org>; Wed, 24 Jul 1996 10:01:33 -0700 (PDT)
Received: (from mcnab@localhost) by baygate.bayarea.net (8.6.9/8.6.9) id JAA18900; Wed, 24 Jul 1996 09:54:47 -0700
Date: Wed, 24 Jul 1996 09:54:47 -0700
From: David McNab <mcnab@bayarea.net>
Message-Id: <199607241654.JAA18900@baygate.bayarea.net>
To: dgy@rtd.com
CC: paradox@pegasus.rutgers.edu, freebsd-questions@freebsd.org
In-reply-to: <199607241343.GAA15489@seagull.rtd.com> (message from Don
	Yuniskis on Wed, 24 Jul 1996 06:43:20 -0700 (MST))
Subject: Re: your mail
Reply-to: David McNab <mcnab@bayarea.net>
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

|>         2) if '.' appears as the very last entry in root's path is this
|>         still considered a security risk?  I'm not so lazy that I'm not
|>         willing to type './command' as root--- just really curious about
|>         this type of stuff!
|
|I think the point of *forcing* you to type the "./" is hopefully a
|reminder that you are executing an "alien" -- and potentially hostile
|-- program.

     The only risk I can think of with "." at the end
of the path is where a particularly devious attacker
creates trojan horse "typos" and tries to catch you
out.  For example "lss" for ls(1) or some such.  Or I
suppose one could snoop through the administrator's
"regular" account dot files to find his favorite
aliases and shell functions, make trojan horse
executables of the same name, then deliberately create
a situation that would tempt the admin to use them.  If
like many people he (wisely) did not use aliases or
shell functions as root, you might be able to catch him
using one of them them out of habit.

     Neither of those seems very effective though, and
they would be really easy to spot.  Is there a sneakier
scheme I'm not thinking of?
     
     In any case, I usually keep "." out of root's path
and out of the system-wide defaults.  But if a
particular user wants to put "." at the end of the
path, I really don't think it's a problem.

     In fact one could argue that it's better to put
"." at the end of the default path for users, so that
they don't add it themselves and put it at the
beginning out of ignorance.

  -- Dave McNab