Sulfare.Jim.DMM on Fri, 3 Sep 1999 12:08:40 -0400 (EDT)



Re[2]: [Plug] RE: Path tnkU


Great tip!!

tnkU

-jimS

____________________Reply Separator____________________
Subject:    Re: [Plug] RE: Path 
Author: <plug@lists.nothinbut.net>
Date:       9/3/99 10:29 AM

Practical Unix & Internet Security -- I concur, awesome book.

You can also enable alias tracking for ksh (and possibly other shells,
but I'm not as familiar with the others) -- this has the shell create
a fully pathed alias for any command you run, so the first time you
run ls, it aliases ls to '/bin/ls', now this isn't as secure as typing
the full path every time, but if you have this turned on, and you run ls, 
the next time you run ls, the same one you ran the first time will be
run again -- so this helps (just a little bit) with the trojans problem.

k

------------------------------------------------------------------------------
A language that doesn't affect the way you think about programming, is not
worth knowing. 
    -- Alan J. Perlis
mortis@voicenet.com                            http://www.voicenet.com/~mortis
------------------------------------------------------------------------------

On Fri, 3 Sep 1999, Hugh Brock wrote:

> In general, if I'm not mistaken, you don't want much in the search path
> for the superuser, if for no other reason than that you want to get in
> the habit of typing the full path for every command you run as root
> (e.g. "/bin/ls", not just "ls").
> 
> Why? If an attacker was able to gain normal-user status on your system,
> she could plant a trojan-horse "ls" (for example) in the compromised
> user's home directory that emails /etc/passwd to an address in Botswana,
> or something worse. Then when you go to that directory as root and type
> "ls", which you will probably do at some point, the trojan horse ls gets
> executed with root privileges. If, on the other hand, you type /bin/ls,
> nothing happens other than that you wonder "hey, what's this 'ls' doing
> in joe user's home directory?"
> 
> (See 'Practical Unix and Internet Security' for more... best $40 I ever
> spent...)
> 
> --Hugh
> 
> _______________________________________________
> Plug maillist  -  Plug@lists.nothinbut.net
> http://lists.nothinbut.net/mail/listinfo/plug
> 
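
Added example, not part of the original thread: a POSIX shell check for the PATH entries that make the trojan "ls" scenario quoted above possible, namely '.', an empty entry (a leading, trailing or doubled ':'), a relative entry, or a directory writable by group or others. The function name audit_path and the sample PATH are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report PATH entries that would let a
# planted "ls" run in place of /bin/ls. audit_path is a hypothetical helper.

# audit_path PATHSTRING
# Prints one finding per line. Returns 0 if clean, 1 if anything was found.
audit_path() (
    status=0
    entries="$1:"      # terminate every entry so a trailing ':' is seen
    set -f             # no filename expansion while splitting
    IFS=:
    for dir in $entries; do
        case "$dir" in
            ''|.)
                echo "current directory in PATH (entry '$dir')"
                status=1; continue ;;
            /*) ;;
            *)
                echo "relative entry, resolved against the current directory: $dir"
                status=1; continue ;;
        esac
        # -L follows symlinks such as /bin -> usr/bin; skip missing directories
        mode=$(ls -ldL "$dir" 2>/dev/null) || continue
        case "$mode" in
            d????w*|d???????w*)
                echo "writable by group or others: $dir"
                status=1 ;;
        esac
    done
    exit "$status"
)

# Constructed sample: a root PATH with '.', an empty entry and a relative entry.
SAMPLE_PATH='/usr/bin:.:/bin::sbin'
audit_path "$SAMPLE_PATH" || true
```

Run as root, audit_path "$PATH" checks the live search path; the function body is a subshell, so the caller's IFS and globbing settings are untouched.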


Date: Fri, 3 Sep 1999 10:29:18 -0400 (EDT)
From: Kyle Burton <mortis@voicenet.com>