Re: [Plug] RE: Path

Kyle Burton on Fri, 3 Sep 1999 10:29:29 -0400 (EDT)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [Plug] RE: Path

From: Kyle Burton <mortis@voicenet.com>

To: plug@lists.nothinbut.net

Subject: Re: [Plug] RE: Path

Date: Fri, 3 Sep 1999 10:29:18 -0400 (EDT)

Reply-to: plug@lists.nothinbut.net

Sender: plug-admin@lists.nothinbut.net

Practical Unix & Internet Security -- I concurr, awesome book. You can also enable alias tracking for ksh (and possibly other shells, but I'm not as familliar with the others) -- this has the shell create a fully pathed alias for any command you run, so the first time you run ls, it aliases ls to '/bin/ls', now this isn't as secure as typing the full path every time, but if you have this turned on, and you run ls, the next time you run ls, the same one you ran the first time will be run again -- so this helps (just a little bit) with the trojans problem. k ------------------------------------------------------------------------------ A language that doesn't affect the way you think about programming, is not worth knowing. -- Alan J. Perlis mortis@voicenet.com http://www.voicenet.com/~mortis ------------------------------------------------------------------------------ On Fri, 3 Sep 1999, Hugh Brock wrote: > In general, if I'm not mistaken, you don't want much in the search path > for the superuser, if for no other reason than that you want to get in > the habit of typing the full path for every command you run as root > (e.g. "/bin/ls", not just "ls"). > > Why? If an attacker was able to gain normal-user status on your system, > she could plant a trojan-horse "ls" (for example) in the compromised > user's home directory that emails /etc/passwd to an address in Botswana, > or something worse. Then when you go to that directory as root and type > "ls", which you will probably do at some point, the trojan horse ls gets > executed with root privileges. If, on the other hand, you type /bin/ls, > nothing happens other than that you wonder "hey, what's this 'ls' doing > in joe user's home directory?" > > (See 'Practical Unix and Internet Security' for more... best $40 I ever > spent...) > > --Hugh > > _______________________________________________ > Plug maillist - Plug@lists.nothinbut.net > http://lists.nothinbut.net/mail/listinfo/plug > _______________________________________________ Plug maillist - Plug@lists.nothinbut.net http://lists.nothinbut.net/mail/listinfo/plug

References:

Re: [Plug] RE: Path
From: Hugh Brock <hbrock@ibm.net>

Prev by Date: Re: [Plug] RE: Path

Next by Date: Re: [Plug] RE: Path

Previous by thread: Re: [Plug] RE: Path

Next by thread: Re: [Plug] RE: Path

Index(es):

Date

Thread