On Fri, 25 Jan 2002, Thomas Sourmail wrote: > > > If the current directory is in the PATH variable before the standard > > > paths, someone could place a trojaned version of a program into a world > > > writable directory. Whenever someone ran (or think they ran) a system > > > utility from that directory, they would instead be running the fake. > > Hum.. that assumes that: > 1) you have world writable directories (why would you, you know it's bad)
/tmp is world writable. /var/tmp might be. There are also innumerable directories that are world/owner writable. This means that someone would need an existing account on your system. If you trust all your users then this is a non-issue (i.e., on a personal/home machine). > 2) someone with bad intentions has access to your machine Yes, that would be the assumption is someone is trying to trojan your binaries. > 3) you have not placed . at the end of $PATH (why would you do that since, > in general, you add to the existing one) If it was at the end, you can substitute another command or typo. E.g., "ls-l", "rmp", "cd..", "mroe" or something similar. You can also use commands that are not in the standard root path but are in the normal user's path (stuff in /usr/local/bin). I'm not saying that you absolutely should put the current dir into your path, but as always, it's a tradeoff between convenience and security. In this case, the danger to security is minimal, but so is the added convenience. > > Or am I missing something ? > > Thomas. > > >
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
