Kyle Burton on Fri, 3 Sep 1999 10:29:29 -0400 (EDT)



Re: [Plug] RE: Path


Practical Unix & Internet Security -- I concur, awesome book.

You can also enable alias tracking for ksh (and possibly other shells,
but I'm not as familiar with the others). This has the shell create
a fully pathed alias for any command you run, so the first time you
run ls, it aliases ls to '/bin/ls'. Now, this isn't as secure as typing
the full path every time, but if you have this turned on and you run ls,
the next time you run ls, the same one you ran the first time will be
run again. So this helps (just a little bit) with the trojans problem.

k

------------------------------------------------------------------------------
A language that doesn't affect the way you think about programming, is not
worth knowing. 
    -- Alan J. Perlis
mortis@voicenet.com                            http://www.voicenet.com/~mortis
------------------------------------------------------------------------------

On Fri, 3 Sep 1999, Hugh Brock wrote:

> In general, if I'm not mistaken, you don't want much in the search path
> for the superuser, if for no other reason than that you want to get in
> the habit of typing the full path for every command you run as root
> (e.g. "/bin/ls", not just "ls").
> 
> Why? If an attacker was able to gain normal-user status on your system,
> she could plant a trojan-horse "ls" (for example) in the compromised
> user's home directory that emails /etc/passwd to an address in Botswana,
> or something worse. Then when you go to that directory as root and type
> "ls", which you will probably do at some point, the trojan horse ls gets
> executed with root privileges. If, on the other hand, you type /bin/ls,
> nothing happens other than that you wonder "hey, what's this 'ls' doing
> in joe user's home directory?"
> 
> (See 'Practical Unix and Internet Security' for more... best $40 I ever
> spent...)
> 
> --Hugh
> 


_______________________________________________
Plug maillist  -  Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug
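The trojan-"ls" scenario Hugh describes and the PATH hygiene both posts argue for, as an added example that is not part of the original thread. The script is POSIX sh: resolve() walks a PATH value the way the shell does for a bare command name, so you can see that an empty entry or "." means "the current directory" and that the first match wins; audit_path() is the check a practitioner would actually run against root's PATH, flagging empty, ".", relative and world-writable entries. The scratch directories, the stand-in "real" ls and the planted ls are constructed fixtures created under mktemp, not anything from a real system.

```shell
#!/bin/sh
# Added example, not code from the original thread. Walks PATH the way a
# shell does, plants a harmless stand-in "ls" in a scratch home directory,
# and audits a PATH value for entries that would let such a file run as root.

# resolve NAME PATHVALUE: print the first executable NAME found walking
# PATHVALUE left to right, which is how the shell locates a bare command.
# An empty entry (leading/trailing ":" or "::") means the current directory.
resolve() {
    name=$1
    rest="$2:"
    while [ -n "$rest" ]; do
        d=${rest%%:*}
        rest=${rest#*:}
        if [ -z "$d" ]; then d=.; fi
        if [ -f "$d/$name" ] && [ -x "$d/$name" ]; then
            printf '%s\n' "$d/$name"
            return 0
        fi
    done
    return 1
}

# audit_path PATHVALUE: report entries a privileged shell should not have and
# return 1 if any were found. Flags an empty entry or ".", any relative entry,
# and any directory that is world-writable. Symlinks are followed (-L), so
# a /bin -> usr/bin link is judged by the target directory's mode, not the link's.
audit_path() {
    rest="$1:"
    bad=0
    while [ -n "$rest" ]; do
        d=${rest%%:*}
        rest=${rest#*:}
        case $d in
            ''|.)
                echo "UNSAFE: current directory ('${d:-empty entry}') is in PATH"
                bad=1 ;;
            /*)
                # position 9 of the ls -l mode string is the other-write bit
                mode=$(ls -ldL "$d" 2>/dev/null | cut -c1-10)
                case $mode in
                    '')         echo "WARN: $d does not exist" ;;
                    ????????w?) echo "UNSAFE: $d is world-writable"; bad=1 ;;
                esac ;;
            *)
                echo "UNSAFE: relative entry '$d'"
                bad=1 ;;
        esac
    done
    return $bad
}

# demo: build a constructed scratch tree with a stand-in "real" ls and a
# planted ls, then show which one a bare 'ls' picks under two PATH values.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -m 0755 "$tmp/bin" "$tmp/home"
    printf '#!/bin/sh\necho "real ls"\n' > "$tmp/bin/ls"
    printf '#!/bin/sh\necho "PLANTED ls ran as $(id -un)"\n' > "$tmp/home/ls"
    chmod 0755 "$tmp/bin/ls" "$tmp/home/ls"

    echo "PATH=$tmp/bin             -> $(resolve ls "$tmp/bin")"
    echo "PATH=.:$tmp/bin (in home) -> $(cd "$tmp/home" && resolve ls ".:$tmp/bin")"
    # what a bare 'ls' really executes with '.' first in PATH (hash -r drops
    # any cached lookup so the new PATH is actually searched)
    ( cd "$tmp/home" && PATH=".:$tmp/bin" && export PATH && hash -r && command ls )
    # a full path ignores PATH entirely, which is Hugh's advice
    ( cd "$tmp/home" && PATH=".:$tmp/bin" && export PATH && "$tmp/bin/ls" )

    echo "--- audit of the unsafe PATH:"
    audit_path ".:$tmp/bin" || echo "(audit_path returned $?)"
    rm -rf "$tmp"
}

demo
```

Run it as an ordinary user; the planted script only prints who it ran as, which is the point: had that been root's shell with "." in PATH, the planted file would have run with root's privileges. audit_path "$PATH" in root's shell is the quick check; the ksh option Kyle refers to is set -o trackall (also set -h), which pins each command to the full path found on its first use.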