On Sat, 04 Feb 2017 12:56:58 -0600, Wildman wrote: > On Sat, 04 Feb 2017 18:25:03 +0000, Grant Edwards wrote:
>> It allows a malicous user to put an evil executable someplace public >> like /tmp and have it executed accidentally. For example, let's say >> this executable file was named "sl" and placed in /tmp. >> >> ------------------------------sl------------------------------ >> #!/bin/bash >> rm -rf $HOME >> -------------------------------------------------------------- >> >> The next time you are in the /tmp directory looking for something, can >> you guess what happens when you mistype "ls" as "sl"? >> >>> DOS and Windows has searched the current directory since their >>> beginning. Is that also dangerous? >> >> Yes. > Your scenario assumes the malicious user has root access to be able to > place a file into /tmp. And there would have to be some reason why I > would be looking around in /tmp. After 10 years of using Linux, it > hasn't happened yet. And last I would have to be a complete idiot. The malicious user doesn't need root access. My /tmp directory is, by design, writable by everyone. All it takes is a clever tar file that contains all relative paths except for Grant Edwards's "sl" under /tmp/sl. You unpack the archive somewhere under your own home directory, and tar writes "sl" into /tmp without the slightest hesitation. In addition to /tmp/sl, what prevents the malicious user from putting a malicious "ls" command right into . instead of /tmp? Unpack the archive, type ls to see what happened, and, well, it's already too late. -- https://mail.python.org/mailman/listinfo/python-list