Hugh Brock on Fri, 3 Sep 1999 10:20:09 -0400 (EDT)



Re: [Plug] RE: Path


In general, if I'm not mistaken, you don't want much in the search path
for the superuser, if for no other reason than that you want to get in
the habit of typing the full path for every command you run as root
(e.g. "/bin/ls", not just "ls").

Why? If an attacker was able to gain normal-user status on your system,
she could plant a trojan-horse "ls" (for example) in the compromised
user's home directory that emails /etc/passwd to an address in Botswana,
or something worse. Then when you go to that directory as root and type
"ls", which you will probably do at some point, the trojan horse ls gets
executed with root privileges. If, on the other hand, you type /bin/ls,
nothing happens other than that you wonder "hey, what's this 'ls' doing
in joe user's home directory?"

(See 'Practical Unix and Internet Security' for more... best $40 I ever
spent...)

--Hugh
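The attack described above only works when the shell will look in the current directory for a command, i.e. when the search path contains an empty element, ".", or a relative entry (or a directory anyone can write to). The following script is an added example, not part of Hugh's post or of any project: it audits a PATH string for exactly those entries. It assumes a POSIX sh with ls and cut available; the function name audit_path and the output format are our own.

```sh
#!/bin/sh
# Added example, not from the original post: audit a search path for the
# entries that make the "trojan ls in someone's home directory" attack work.
#
# An entry is flagged when the shell would resolve it relative to the
# current directory (an empty element, ".", "./...", or any relative path)
# or when it is an absolute directory that every user can write to.
# Findings go to stderr; the number of findings is printed on stdout.
audit_path() {
    rest="$1:"          # trailing colon terminates the last element
    bad=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # everything after it
        case $entry in
            "")
                echo "unsafe: empty element (searches the current directory)" >&2
                bad=$((bad + 1)) ;;
            .|./*)
                echo "unsafe: '$entry' (current directory)" >&2
                bad=$((bad + 1)) ;;
            /*)
                # Absolute path: still a problem if anyone can drop a file in it.
                # Column 9 of "ls -ld" output is the world-write bit; -L follows symlinks.
                if [ -d "$entry" ] && [ "$(ls -ldL "$entry" | cut -c9)" = w ]; then
                    echo "unsafe: '$entry' is world-writable" >&2
                    bad=$((bad + 1))
                fi ;;
            *)
                echo "unsafe: '$entry' (relative path, resolved from the current directory)" >&2
                bad=$((bad + 1)) ;;
        esac
    done
    echo "$bad"
}

# Audit the search path of whoever runs this script (root's, if run from a root shell).
audit_path "$PATH"
```

Run it from the root shell whose PATH you want to check; a result of 0 means every entry is an absolute, non-world-writable directory, so "ls" cannot resolve to a file planted in the directory you happen to be standing in. Note that a world-writable directory such as /tmp is flagged even with the sticky bit set, since the sticky bit only stops other users from deleting files, not from creating new ones.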

_______________________________________________
Plug maillist  -  Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug