Security and PATH
fostel at ncsu.UUCP
fostel at ncsu.UUCP
Wed Aug 3 02:55:12 AEST 1983
For all of those who think that the SU is the only one who needs to
have ./ removed from the head of the search list -- think again. If
YOU have it on yours then I can trap you. So I can do things like
run a secret command which will build me a setuid shell with YOU the
U in the UID. Now I will know where it is, so I can become you anytime
I want.
Quite right, that may be bad for you, but not for SU and the system at
large. Wrong again. I have never seen a UNIX where there were not a
variaty of VERY INTERESTING things could be done if only one could get
the permissions of one of the maintenance groups, sometimes called "bin"
or "admin" or "sys" or or or. So, since You dear potential superuser
are probably a member of those groups, I will now be able to do work in
those very enticing groups. In a matter of 10-15 minutes, I will have
found the file I need, the precise one varies, which is writable to that
onderful group and which allows me to either become SU or set a wonderful
trapdoor to allow myself to become one in a matter or a day or so at most.
Sooooo, if you are one of the potential SU's (and you probably are if
you are reading this) then Y-O-U need to take the ./ off your search
path before I come and raid your system. Or someone with more malicious
intent. My appologies to those who think this stuff should not be
spoken openly, but this one is so simple to fix that everyone will
dash out right away and fix their PATH's. RIGHT? Well you ought'a.
----GaryFostel----
More information about the Comp.unix.wizards
mailing list