Mail Archives: cygwin/2011/12/12/02:13:28

X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-2.3 required=5.0 tests=AWL,BAYES_00,MISSING_HEADERS,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
Date: Mon, 12 Dec 2011 01:13:02 -0600 (CST)
From: Tim McDaniel <tmcd AT panix DOT com>
cc: cygwin AT cygwin DOT com
Subject: Re: Latest cygwin.bat - need one
In-Reply-To: <20111212063131.GE4028@mrvideo.vidiot.com>
Message-ID: <Pine.NEB.4.64.1112120101590.29339@panix1.panix.com>
References: <20111212054801 DOT GD4028 AT mrvideo DOT vidiot DOT com> <20111212063131 DOT GE4028 AT mrvideo DOT vidiot DOT com>
MIME-Version: 1.0
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Mon, 12 Dec 2011, Mike Brown wrote:
> Doing some more digging I found
> the following posting (via google):
>
>    > Does changing 'bash' to '/bin/bash' make a difference?
>
>    Answering my own question: yes.
>
>    There was a change in execvp()'s behaviour to no longer look up
>    an executable in the current working directory, wasn't there? I
>    can't find it in the ChangeLog though.
>
> You've got to be kidding.  Why was the looking into CWD removed?

PATH specifies the list of directories to search for executables.
So if execvp() ever used "." unconditionally regardless of PATH,
then it violated one of the most long-standing UNIXy rules.

It can also be a massive security hole.  On a multi-user system,
I can put a script named "ls" in /tmp, or other likely directory for
others to cd to, to
- copy /bin/bash to some location
- set the setuid bit and setgid on this copy
- run /bin/ls
   (Bonus points: somehow filter out this nasty ls script if they are
   looking at /tmp.  This is hard.)
Anyone foolish enough to put "." near the start of their PATH and who
did
     cd /tmp
     ls
would thereby get their account hacked, and changing their password
would do no good.  I removed "." from my PATH in the 1980s for just
this reason.  At least if "." is after standard system directories
like /bin /usr/bin, it mitigates the problem to a large extent: it
catches only typos and attempts to run programs that you don't have
installed.  I wonder if there are any common typos to try for.

If execvp() ever looked in "." unconditionally, there would be no way
to ever completely close this security hole.

-- 
Tim McDaniel, tmcd AT panix DOT com

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
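The check a practitioner would want after reading the above: a PATH audit that flags every entry which makes the planted "/tmp/ls" attack work, and says whether it sits before or after the system directories (the distinction the post draws). This is an added example, not code from the original message or from the Cygwin project. The set of "standard system directories" and the treatment of empty entries (a leading ":", "::" or trailing ":" is searched as the current directory by POSIX shells) are assumptions made here; the world-writable test assumes a find(1) that accepts octal -perm modes (GNU and BSD do).

```shell
#!/bin/sh
# audit_path: report PATH entries that let an executable planted in a directory
# you happen to cd into run instead of the real command (the "/tmp/ls" attack).
#
# Prints one "RISK ..." line per bad entry and a final "SUMMARY risky=N" line.
# Assumed list of standard system directories (not taken from the original post):
SYSTEM_DIRS="/bin /usr/bin /sbin /usr/sbin /usr/local/bin"

audit_path() {
    rest=${1-$PATH}          # PATH string to audit; defaults to the caller's PATH
    pos=0; risky=0; seen_system=0; last=
    while :; do
        # Peel off one colon-separated entry, keeping empty fields: an empty
        # field ("::", leading ":" or trailing ":") means "search the cwd".
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:} ;;
            *)   entry=$rest; last=1 ;;
        esac
        pos=$((pos + 1))
        reason=
        case $entry in
            '') reason="empty entry, which means the current directory" ;;
            .)  reason="'.', the current directory" ;;
            /*) # Absolute: fine unless anyone can drop a file there. /tmp is
                # world-writable but sticky, so it is not flagged (an attacker
                # can plant /tmp/ls, but only "." in PATH makes that run).
                for d in $SYSTEM_DIRS; do
                    [ "$entry" = "$d" ] && seen_system=1
                done
                if [ -d "$entry" ] &&
                   [ -n "$(find -H "$entry" -prune -type d -perm -0002 ! -perm -1000 2>/dev/null)" ]; then
                    reason="world-writable directory without the sticky bit"
                fi ;;
            *)  reason="relative path, resolved against the current directory" ;;
        esac
        if [ -n "$reason" ]; then
            risky=$((risky + 1))
            if [ "$seen_system" -eq 1 ]; then
                impact="after system dirs: only typos and missing commands can be hijacked"
            else
                impact="BEFORE system dirs: common commands such as ls can be hijacked"
            fi
            printf 'RISK pos=%d entry=%s reason=%s; %s\n' \
                "$pos" "'$entry'" "$reason" "$impact"
        fi
        [ -n "$last" ] && break
    done
    printf 'SUMMARY risky=%d\n' "$risky"
}

# risky_count: just the number of flagged entries, for scripting.
risky_count() {
    audit_path "$1" | sed -n 's/^SUMMARY risky=//p'
}

# Usage: audit the current PATH, e.g. from a login script:
#   audit_path
#   [ "$(risky_count "$PATH")" -eq 0 ] || echo "PATH lets cwd programs run first" >&2
```

Running it against the post's worst case, `PATH=.:/usr/bin:/bin`, reports the "." at position 1 as BEFORE the system directories; `PATH=/usr/bin:/bin:.` is reported as after them, which is the "catches only typos" situation the post describes as a large mitigation rather than a fix.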
