Date: Tue, 25 Jun 1996 11:44:19 -0600 (MDT) From: Barnacle Wes <softweyr@xmission.com> To: davidg@Root.COM Cc: hal@snitt.com, security@freebsd.org Subject: Re: The Vinnie Loophole Message-ID: <199606251744.LAA24692@xmission.xmission.com> In-Reply-To: <199606251538.IAA19357@root.com> from "David Greenman" at Jun 25, 96 08:38:29 am
next in thread | previous in thread | raw e-mail | index | archive | help
% Re: Trojan horse programs that get executed because "." is in PATH
% somewhere:
%
% The fact that this well-known, easily plugged loophole is being
% rediscovered by new admins (probably daily) suggests that we *could*
% do something more proactive to keep it from happening.
%
% 1. How about adding checks for "." or equivalent in $PATH to
% /etc/security? Scan for it in .profile, .bashrc, and so forth. This
% would not catch every offence but would help.
> It's appropriate for some environments and not for others. I certainly
> wouldn't want the kernel involved in this in any case, and things that do
> scans through your filesystems need to be carefully controlled. Some systems
> have so much disk space and NFS that the scan wouldn't complete within the
> 24 hour time period. Something like (1), if implemented, should not be enabled
> by default.
I worked on the code that did this in Security Toolkit/UNIX for months,
so did the other two programmers. This is very difficult to do
correctly, and if you do it wrong, you're just giving out a false sense
of security. In my experience, when you tell someone their computer is
"secure" and then they get hacked, they get *really pissed* at you,
regardless of whether you said anything about how they got hacked or
not. ;^)
--
Wes Peters | Yes I am a pirate, two hundred years too late
Softweyr | The cannons don't thunder, there's nothing to plunder
Consulting | I'm an over forty victim of fate...
softweyr@xmission.com | Jimmy Buffett
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606251744.LAA24692>