Security and PATH

fostel at ncsu.UUCP fostel at ncsu.UUCP
Wed Aug 3 02:55:12 AEST 1983



    For all of those who think that the SU is the only one who needs to
    have ./ removed from the head of the search list -- think again.  If
    YOU have it on yours then I can trap you.  So I can do things like
    run a secret command which will build me a setuid shell with YOU the
    U in the UID.  Now I will know where it is, so I can become you anytime
    I want.

    Quite right, that may be bad for you, but not for SU and the system at
    large.  Wrong again.  I have never seen a UNIX where there were not a
    variaty of VERY INTERESTING things could be done if only one could get
    the permissions of one of the maintenance groups, sometimes called "bin"
    or "admin"  or "sys" or or or.  So, since You dear potential superuser
    are probably a member of those groups, I will now be able to do work in
    those very enticing groups.  In a matter of 10-15 minutes, I will have
    found the file I need, the precise one varies, which is writable to that
    onderful group and which allows me to either become SU or set a wonderful
    trapdoor to allow myself to become one in a matter or a day or so at most.

    Sooooo, if you are one of the potential SU's (and you probably are if
    you are reading this) then Y-O-U need to take the ./ off your search
    path before I come and raid your system. Or someone with more malicious
    intent.   My appologies to those who think this stuff should not be
    spoken openly, but this one is so simple to fix that everyone will
    dash out right away and fix their PATH's.  RIGHT?  Well you ought'a.
    ----GaryFostel----



More information about the Comp.unix.wizards mailing list