Latest cygwin.bat - need one
Tim McDaniel
tmcd@panix.com
Mon Dec 12 07:13:00 GMT 2011
On Mon, 12 Dec 2011, Mike Brown wrote:
> Doing some more digging I found
> the following posting (via google):
>
> > Does changing 'bash' to '/bin/bash' make a difference?
>
> Answering my own question: yes.
>
> There was a change in execvp()'s behaviour to no longer look up
> an executable in the current working directory, wasn't there? I
> can't find it in the ChangeLog though.
>
> You've got to be kidding. Why was the looking into CWD removed?
PATH specifies the list of directories to search for executables.
So if execvp() ever used "." unconditionally regardless of PATH,
then it violated one of the most long-standing UNIXy rules.
It can also be a massive security hole. On a multi-user system,
I can put a script named "ls" in /tmp, or other likely directory for
others to cd to, to
- copy /bin/bash to some location
- set the setuid bit and setgid on this copy
- run /bin/ls
(Bonus points: somehow filter out this nasty ls script if they are
looking at /tmp. This is hard.)
Anyone foolish enough to put "." near the start of their PATH and who
did
cd /tmp
ls
would thereby get their account hacked, and changing their password
would do no good. I removed "." from my PATH in the 1980s for just
this reason. At least if "." is after standard system directories
like /bin /usr/bin, it mitigates the problem to a large extent: it
catches only typos and attempts to run programs that you don't have
installed. I wonder if there are any common typos to try for.
If execvp() ever looked in "." unconditionally, there would be no way
to ever completely close this security hole.
--
Tim McDaniel, tmcd@panix.com
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list