From owner-freebsd-security Tue Jun 25 00:29:56 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA26785 for security-outgoing; Tue, 25 Jun 1996 00:29:56 -0700 (PDT) Received: from mercury.gaianet.net (root@mercury.gaianet.net [206.171.98.26]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id AAA26765; Tue, 25 Jun 1996 00:29:51 -0700 (PDT) Received: (from vince@localhost) by mercury.gaianet.net (8.7.5/8.6.12) id AAA06441; Tue, 25 Jun 1996 00:28:35 -0700 (PDT) Date: Tue, 25 Jun 1996 00:28:34 -0700 (PDT) From: -Vince- To: Mark Murray cc: hackers@FreeBSD.org, security@FreeBSD.org, Chad Shackley , jbhunt Subject: Re: I need help on this one - please help me track this guy down! In-Reply-To: <199606250712.JAA08662@grumble.grondar.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk On Tue, 25 Jun 1996, Mark Murray wrote: > -Vince- wrote: > > > > Hmmm, doesn't everyone have . as their path since all . does is allow > > > > someone to run stuff from the current directory... > > > > > > Not root! this leaves you wide open for trojans. As root you should > > > have to type ./foo to run foo in the current directory. > > > > Hmmm, really? It seems like almost all systems root has . for the > > path but if the directory for root is like read, write, execute by root > > only, how will they get into it? > > Example: user suspects you may be a DOS user, and are likely to try > to type the "dir" or "cls" command every now and then (by mistake). > > In his home directory he places a script called "dir" that creates a > suid shell (silently) then prints the usual "command not found" error. > > He then phones you, asking for support, and tries to trick you into > running his script. Having "." in your path makes his trickery easier. Hmmm, that's only if we had phone support.... We don't :) but do admins really go run a program that the user said won't run? Vince