From owner-freebsd-questions Thu Sep 19 02:00:33 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id CAA27773 for questions-outgoing; Thu, 19 Sep 1996 02:00:33 -0700 (PDT) Received: from cyclone.degnet.baynet.de (cyclone.degnet.baynet.de [194.95.214.129]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id CAA27723 for ; Thu, 19 Sep 1996 02:00:26 -0700 (PDT) Received: from neuron (ppp2 [194.95.214.132]) by cyclone.degnet.baynet.de (8.6.12/8.6.9) with SMTP id LAA27178; Thu, 19 Sep 1996 11:03:31 +0200 Message-ID: <32412602.6D2@degnet.baynet.de> Date: Thu, 19 Sep 1996 10:52:50 +0000 From: Darius Moos Reply-To: moos@degnet.baynet.de X-Mailer: Mozilla 3.0Gold (Win95; I) MIME-Version: 1.0 To: Benjamin Lewis CC: FreeBSD-questions Subject: Re: Quick Question References: <199609182000.PAA05245@ylana.vet.purdue.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Yes you are right ... BUT this security-hole only occures if you are a lazy administrator (sorry, i do NOT want to say you are a lazy). I would never ever execute files as root that belong to other users. Doing so is really a security-hole. The administrator has always a simple user-account to play around in the system. It would be my fault when i'm executing unknown programms as root. When i could not resist, i'd do it as the unprivileged user. The other point is that IMHO adding "." to the end of the PATH-variable is harmless. Assume i had a user who wrote a little programm that is able to crash my system and names it "mv"; he saves it to his home- directory and i as root are staying in his home-directory. Even when i type "mv ..." the right thing would happen: "/bin/mv ..." would be executed and NOT "/mv ...". The other way, when "." is the first thing in the PATH, this would be a security-hole introduced by the administrator. Maybe i got something wrong ??? Darius Moos. Benjamin Lewis wrote: > > You wrote: > > Please explain to me why this is a security-risk. I've always had > > "." in my PATH. > > Just imagine this scenario: > > You are "root" and I am Mr. Evil Dude, a user on your system. > > I compile a shell, and hide it somewhere in my directories, naming it something > that seems harmless, like "irc." > > Next, I write a little program that, when executed as root, changes the > set-uid bit on my hidden shell. I name my little evil program "mroe" and have > it return "mroe: Command not found." after doing its job. > > Now, I create a really interesting looking directory in /tmp. Something like > /tmp/WaReZ would probably get your attention. I write a diatribe against > people who pirate software, and name it "README." I stick my little evil > program in /tmp/WaReZ, and wait for you to find the directory. > > You type "cd /tmp/WaReZ" and then "ls". You see the README file and the mroe > file, but "mroe" doesn't mean anything to you. You decide to look at the > README file to see what your crazy users are up to. Maybe I stick a whole > bunch of different files in the directory to hide the "mroe" program better, > all of them innocent seeming. > > If I'm lucky, and you have fumbling fingers, my little program gets executed > and I suddenly have a suid root shell, which I use to have my way with your > computer and network. You don't notice that anything weird has happened, > read my README file, decide that I'm a bit strange but obviously I'm an > upright fellow since I'm against software piracy and think nothing more of > it. > > The moral of the story is that root should only execute programs in > directories known to be controlled, unless he REALLY means to do otherwise. > Therefore, root should not have "." in its path. > > Hope this helps, > > -Ben > > -- > Benjamin Lewis - blewis@vet.purdue.edu -- email: moos@degnet.baynet.de