On Thu, Sep 01, 2011 at 12:11:02PM +1200, Andrej wrote: > On 1 September 2011 10:39, Philipp Kern <[email protected]> wrote: > >> That might be worth considering for Linux > > You shouldn't do that there's the slightest possibility that you end up in > > an > > untrusted path (where somebody can drop executable files) with cd and > > execute > > something there (think of "ls"). > > That's why "." isn't in the PATH by default and normally shouldn't be. > It's actually not so problematic for non-privileged users, specially if > you tack the dot at the END of your PATH; system executables for e.g., > 'ls' will be found before the maliciously placed file in /tmp > export PATH=${PATH}:.
You'd be surprised how much you can screw up even while not being a privileged user. You can continously try to escalate your privileges through sudo in the background, which gets more and more popular (it even has a "-n" for non-interactive mode). If X is running you can sniff all keystokes including passwords. (Even if Xauthority is in some random path with gdm3 nowadays, you can still sniff the environment of the user's binaries to find it.) As Alan said you can also use typo'ed binary names. Some shells also try to be helpful and might propose the rogue command as the run you actually wanted to run. (As you can assume that everything that's proposed exists as a runnable binary on the system.) So no, I beg to differ on the "not so problematic". Kind regards, Philipp Kern -- .''`. Philipp Kern Debian Developer : :' : http://philkern.de Stable Release Manager `. `' xmpp:[email protected] Wanna-Build Admin `- finger pkern/[email protected] ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
signature.asc
Description: Digital signature
