Stoopid script failure
Greg Woods
woods at ucar.edu
Sun Feb 7 20:54:01 UTC 2010
On Sat, 2010-02-06 at 23:24 +0800, Ed Greshko wrote:
> have . in your
> $PATH. I recall somewhere, sometime a warning against that....but I've
> ignored it for years and haven't had a problem. I even forgot what the
> warning was all about.

Generally it's not a good thing to have a different command be executed
depending on what directory you happen to be in when executing it. That
is at best unreliable, and at worst a major security hole. This is
particularly bad for root; consider this:

$ cat > ls
#!/bin/sh
cp /bin/sh .
chmod 04755 sh
/bin/ls $*
^D

Now if you can just trick that sysadmin with . in root's search path
into inspecting your home directory...

# cd ~user
# ls

Now the user has an executable setuid root shell.

Or trick any user with . in the search path into doing it and you can
break into their account, find that nice juicy saved banking password...

--Greg
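
The check this warning implies, as an added example that is not part of the original post: a shell function that flags search-path entries resolving to the current directory (an explicit ".", an empty entry, or any other relative path). Going slightly beyond the post, it also flags absolute entries that are world-writable, since a fake ls can be planted there in the same way. The name audit_path and its messages are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). audit_path is a hypothetical
# helper name chosen for this illustration.

# Print one line per risky entry in the search path given as $1 (default:
# the caller's $PATH). Returns 1 if anything was flagged, 0 otherwise.
audit_path() {
    rest="${1-$PATH}:"   # trailing ":" keeps a final empty entry visible
    position=0
    flagged=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        position=$((position + 1))
        case $entry in
            '')
                # Leading, trailing or doubled colon: the shell searches
                # the current directory, exactly like an explicit ".".
                echo "entry $position: empty entry means current directory"
                flagged=1 ;;
            /*)
                # Absolute, but anyone can plant a fake ls in a
                # world-writable directory. -L follows symlinks.
                if [ -d "$entry" ]; then
                    perms=$(ls -ldL "$entry" | cut -c1-10)
                    case $perms in
                        d???????w?)
                            echo "entry $position: $entry is world-writable"
                            flagged=1 ;;
                    esac
                fi ;;
            *)
                echo "entry $position: relative path '$entry'"
                flagged=1 ;;
        esac
    done
    return "$flagged"
}

# Audit the current environment when run as a script.
audit_path "$PATH" || echo "PATH contains entries an attacker can hijack" >&2
```

Run it from root's login environment as well as from an ordinary account, since the two usually have different search paths.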