Security and $PATH

guy at rlgvax.UUCP
Mon Aug 1 18:28:27 AEST 1983


	On the UNIX systems I am familiar with (running USG 5.0), the PATH
	variable is set, both in /etc/profile and in login, to begin with a
	':', meaning that the current directory is the first directory to be
	searched.

	It seems to me that this is a significant security hole, because it
	means that a user can set a booby trap by writing a shell that has
	the same name as a common command, but does something significantly
	different.

	Is it a common practice to have the default PATH begin with a ':'?
	Is there a real good reason to make this the default?

Yes, it is an almost universal practice.  However, all USG systems I know
about DO protect the superuser; the default PATH for "root" is
/bin:/etc:/usr/bin (or some permutation thereof).  I find it a pain when "root"
to have to say "./xxx" to run a test version of the program "xxx" (for obscure
reasons I do most development work on our System III systems as "root"), but
I have gotten into the habit of saying "./xxx".  There is a good reason to
make it the default; people are used to it.  If somebody feels like being very
security-conscious I feel it is THEIR responsibility to change their PATH.
I suspect it's somewhat of an issue like compulsory seat-belt laws or helmet
laws; some feel it is a person's responsibility to protect themselves and some
feel this protection should be required whether the person wants it or not.
(No flames please, this is NOT a statement of my views on seat-belt or helmet
laws.)  As such, I guess it's really up to the system administrator; you
can always hack "/etc/profile", and anybody who doesn't like the PATH they've
been given can always replace it in their ".profile" anyway.

	Guy Harris
	{seismo,mcnc,we13,brl-bmd,allegra}!rlgvax!guy
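
An added example, not part of the original post: a POSIX sh check that reports every PATH entry which makes the shell search the current directory (a leading, trailing or doubled ':', or a literal '.') or a relative directory. The function name `audit_path` and the sample user PATH are constructed for illustration; the root PATH is the one quoted in the post.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one line per risky entry. Exit status is 0 when every entry is an
# absolute directory and 1 otherwise. The body runs in a subshell, so its
# variables do not leak into the caller.
audit_path() (
    rest=$1
    pos=0
    findings=0
    while :; do
        pos=$((pos + 1))
        # Peel off the next ':'-separated entry by hand. Splitting with IFS
        # would silently drop a trailing empty entry, which is one of the
        # cases this check has to catch.
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:}; last=0 ;;
            *)   entry=$rest; last=1 ;;
        esac
        case $entry in
            '') echo "entry $pos: empty (searches the current directory)"
                findings=$((findings + 1)) ;;
            .)  echo "entry $pos: '.' (searches the current directory)"
                findings=$((findings + 1)) ;;
            /*) ;;  # absolute directory: nothing to report
            *)  echo "entry $pos: relative directory '$entry'"
                findings=$((findings + 1)) ;;
        esac
        [ "$last" -eq 1 ] && break
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample: a user PATH that begins with ':' as the post describes,
# followed by the root PATH quoted in the post.
for p in ":/bin:/usr/bin" "/bin:/etc:/usr/bin"; do
    echo "PATH=$p"
    audit_path "$p" || true
done
```

Calling `audit_path "$PATH"` from a login script or a periodic check applies the same test to the live environment.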


