Date: Thu, 19 Sep 1996 10:52:50 +0000
From: Darius Moos <moos@degnet.baynet.de>
To: Benjamin Lewis <blewis@vet.purdue.edu>
Cc: FreeBSD-questions <questions@freebsd.org>
Subject: Re: Quick Question
Message-ID: <32412602.6D2@degnet.baynet.de>
References: <199609182000.PAA05245@ylana.vet.purdue.edu>
Yes, you are right ... BUT this security hole only occurs if you are a lazy
administrator (sorry, I do NOT want to say you are lazy). I would never ever
execute files as root that belong to other users. Doing so is really a security
hole. The administrator always has a simple user account to play around in the
system. It would be my fault if I executed unknown programs as root. If I could
not resist, I'd do it as the unprivileged user.

The other point is that IMHO adding "." to the end of the PATH variable is
harmless. Assume I had a user who wrote a little program that is able to crash
my system and named it "mv"; he saves it to his home directory and I, as root,
am sitting in his home directory. Even when I type "mv ..." the right thing
would happen: "/bin/mv ..." would be executed and NOT
"<home-of-evil-user>/mv ...". The other way round, when "." is the first thing
in the PATH, this would be a security hole introduced by the administrator.

Maybe I got something wrong ???

Darius Moos.

Benjamin Lewis wrote:
>
> You wrote:
> > Please explain to me why this is a security-risk. I've always had
> > "." in my PATH.
>
> Just imagine this scenario:
>
> You are "root" and I am Mr. Evil Dude, a user on your system.
>
> I compile a shell, and hide it somewhere in my directories, naming it
> something that seems harmless, like "irc."
>
> Next, I write a little program that, when executed as root, changes the
> set-uid bit on my hidden shell. I name my little evil program "mroe" and
> have it return "mroe: Command not found." after doing its job.
>
> Now, I create a really interesting looking directory in /tmp. Something like
> /tmp/WaReZ would probably get your attention. I write a diatribe against
> people who pirate software, and name it "README." I stick my little evil
> program in /tmp/WaReZ, and wait for you to find the directory.
>
> You type "cd /tmp/WaReZ" and then "ls". You see the README file and the
> mroe file, but "mroe" doesn't mean anything to you. You decide to look at
> the README file to see what your crazy users are up to. Maybe I stick a
> whole bunch of different files in the directory to hide the "mroe" program
> better, all of them innocent seeming.
>
> If I'm lucky, and you have fumbling fingers, my little program gets executed
> and I suddenly have a suid root shell, which I use to have my way with your
> computer and network. You don't notice that anything weird has happened,
> read my README file, decide that I'm a bit strange but obviously I'm an
> upright fellow since I'm against software piracy and think nothing more of
> it.
>
> The moral of the story is that root should only execute programs in
> directories known to be controlled, unless he REALLY means to do otherwise.
> Therefore, root should not have "." in its path.
>
> Hope this helps,
>
> -Ben
>
> --
> Benjamin Lewis - blewis@vet.purdue.edu

--
email: moos@degnet.baynet.de
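As an added example from the defender's side (not part of the original thread), the POSIX sh functions below reproduce the shell's PATH lookup the two messages argue about and audit a PATH string for the entries that let another user's directory supply commands; the function names and the sample PATH strings are my own.

```sh
#!/bin/sh
# Added example, not code from the original thread. resolve_in_path shows
# which file a shell would run for a command name under a given PATH, and
# audit_path flags PATH entries that hand command lookup to other users.

# Print the file a POSIX shell would execute for NAME under PATH_STR.
# An empty entry (leading, trailing or doubled colon) means the current
# directory, exactly like ".".
resolve_in_path() {
    name="$1"; rest="$2:"
    while [ -n "$rest" ]; do
        dir="${rest%%:*}"; rest="${rest#*:}"
        [ -z "$dir" ] && dir="."
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "$dir/$name"
            return 0
        fi
    done
    return 1
}

# Return 0 when PATH_STR is clean; print a line and return 1 when any entry
# is the current directory, a relative path, or a world-writable directory
# (write permission for "other" is character 9 of the ls -ld mode string;
# -L follows symlinks so /bin -> usr/bin is judged by the target).
audit_path() {
    rest="$1:"; bad=0
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"; rest="${rest#*:}"
        case "$entry" in
            ""|.) echo "current-directory entry \"$entry\""; bad=1 ;;
            /*)   if [ -d "$entry" ] && [ "$(ls -ldL "$entry" | cut -c9)" = "w" ]; then
                      echo "world-writable directory $entry"; bad=1
                  fi ;;
            *)    echo "relative entry \"$entry\""; bad=1 ;;
        esac
    done
    return $bad
}
```

With "." last, "mv" still resolves to /bin/mv as Darius says, but any name that does not exist in the system directories, such as "mroe", resolves from the current directory; audit_path on the running account is `audit_path "$PATH"`.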
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?32412602.6D2>