Date:      Wed, 24 Jul 1996 08:54:01 -0400
From:      Red Barchetta <paradox@pegasus.rutgers.edu>
To:        freebsd-questions@freebsd.org
Message-ID:  <199607241254.IAA08136@pegasus.rutgers.edu>

From: Red Barchetta <paradox@pegasus.rutgers.edu>
Subject: Re: ["Ian Kallen" <ian@gamespot.com>: Re: Install Q& A]
In-Reply-To: Your message of Wed, 24 Jul 1996 08:37:35 -0400

> --------
> 
>  ( Heh must be a rush fan .. can't wait until Sept. 3! )
> 

I most certainly am ! :)

> 
>  (shudder) ... let me give you an example...
> 
>  User A says that he cannot read a file in his home area... you cd to
>  his home area and type 'ls'. you note that the permissions on the
>  file were 111 and send him mail saying he needs to change his
>  permissions. You then go about your business thinking everything is
>  ok... but what really happened is that the user had created an
>  executable in his home directory called 'ls' and since '.' was in
>  your path before /bin, you executed the local one. And the local one
>  copied /bin/sh to ~A/.tmp and made it setuid, and then erased the
>  offending copy in the local directory and then executed the _real_ ls
>  with the flags you specified.
> 
>  Now the user has root access. Surprise. This is one of the simplest
>  examples.. there are better ones ;-).
> 
>   -branson

Makes sense.  Two questions stem from that, though:

        1) is there any reason that just plain old joe user should avoid '.'
        in his path?  (I don't see any, but just to make sure.)

        2) if '.' appears as the very last entry in root's path is this
        still considered a security risk?  I'm not so lazy that I'm not
        willing to type './command' as root--- just really curious about
        this type of stuff!

I know these aren't actually FreeBSD specific questions, but I hope they
will prove to be of interest to some other novice sysadmins out there as well!

Thanks...

Ernie Pistor
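As an added illustration of the check behind both questions (this is not code from the thread), here is a POSIX shell function that audits a PATH string for the entries the quoted example depends on: an explicit '.', an empty field (which the shell also treats as the current directory), a relative directory, or a world-writable directory. The function name and the sample PATH strings are constructed for this example.

```shell
#!/bin/sh
# audit_path: scan a PATH string (default: $PATH) and report entries that
# would let a file in the current directory, a relative directory, or a
# world-writable directory shadow a system command. Returns 0 when clean,
# 1 when anything risky was found. Hypothetical helper, not from the thread.
audit_path() {
    path="${1:-$PATH}"
    rc=0
    pos=0
    rest="${path}:"                  # trailing ':' so the final field is read too
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"
        rest="${rest#*:}"
        pos=$((pos + 1))
        case "$entry" in
            ""|.)
                # An empty field (leading/trailing ':' or '::') means the
                # current directory, exactly like an explicit '.'. Even in the
                # last position it is still consulted whenever a command name
                # is mistyped or absent from the other directories.
                echo "entry $pos ('${entry:-<empty>}'): current directory"
                rc=1 ;;
            /*)
                if [ -d "$entry" ]; then
                    # POSIX 'ls -l' mode string: column 9 is the other-write
                    # bit; -L follows symlinks such as /bin -> /usr/bin.
                    mode=$(ls -ldL "$entry" | cut -c9)
                    if [ "$mode" = "w" ]; then
                        echo "entry $pos ($entry): world-writable directory"
                        rc=1
                    fi
                fi ;;
            *)
                echo "entry $pos ($entry): relative directory"
                rc=1 ;;
        esac
    done
    return $rc
}

# Example runs against the PATH shapes discussed in the thread (constructed).
for p in "/usr/bin:/bin:." "/usr/bin::/bin"; do
    audit_path "$p" || echo "  -> PATH '$p' is unsafe"
done
```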
