Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!elroy.jpl.nasa.gov!swrinde!mips!pacbell.com!att!bellcore!porthos!pyuxf!mal1
From: mal1@pyuxf.UUCP (maureen lecuona)
Newsgroups: comp.unix.admin
Subject: Re: Mysterious security hole
Summary: One reason has to do with trojan horses....
Message-ID: <70@pyuxf.UUCP>
Date: 14 Jun 91 17:04:33 GMT
References: <91161.131540SCHDAVZ@YaleVM.YCC.Yale.Edu>
Reply-To: mal1@pyuxf.UUCP (25337-maureen lecuona)
Organization: Integrated Business Solutions, Inc.
Lines: 25

The security hole having to do with "." being anywhere but last in the PATH
is due to the following scenario:

Let the following be true:

	PATH=.:/bin:/usr/bin:/etc

and also,

	ls -ail /usr/admin is rwxrw-rw

Now if the administrator does the following:

	cd /usr/admin
	su -

Then if someone has put a trojan anywhere in the /dir which masquerades
as a legitimate command, i.e.: df, diff, or any other frequently used command,
the fake version will be used instead of the /bin or /usr/bin version,
because it will be found first in the search for the executable.....

Maureen Lecuona
Integrated Business Solutions, Inc.
4 Spring Lane
Long Valley, N.J. 07853
(908) 850-0174
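
Added example, not part of the original post: a shell check that reports the PATH entries the scenario above depends on. It goes beyond the post's single case by also flagging empty and relative entries and directories writable by group or others; the function name audit_path and the sample call are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a PATH string for the entries described in the post.
# audit_path is a hypothetical helper name, not from the original message.
# Prints one line per finding; returns 1 if anything was found, 0 otherwise.
audit_path() {
    ap_rest="$1:"          # trailing colon keeps a final empty entry visible
    ap_pos=0
    ap_found=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}     # text before the first colon
        ap_rest=${ap_rest#*:}       # everything after it
        ap_pos=$((ap_pos + 1))
        case $ap_entry in
            "")
                echo "entry $ap_pos: empty entry, searched as the current directory"
                ap_found=1; continue ;;
            .)
                if [ -n "$ap_rest" ]; then
                    echo "entry $ap_pos: '.' is searched before later entries"
                else
                    echo "entry $ap_pos: '.' is last in PATH"
                fi
                ap_found=1; continue ;;
            /*) ;;                  # absolute path: permission check below
            *)
                echo "entry $ap_pos: relative path '$ap_entry' depends on the current directory"
                ap_found=1; continue ;;
        esac
        # Mode string of the directory itself (-L follows a symlinked entry).
        ap_mode=$(ls -ldL "$ap_entry" 2>/dev/null | cut -c1-10)
        case $ap_mode in
            d????w*|d???????w*)     # group-write or other-write bit set
                echo "entry $ap_pos: $ap_entry is writable by group or others ($ap_mode)"
                ap_found=1 ;;
        esac
    done
    return $ap_found
}

# Constructed sample: the PATH value from the post above.
audit_path ".:/bin:/usr/bin:/etc" || :
```

Run it against root's real search path with `audit_path "$PATH"` from a root login shell; entries that do not exist are skipped silently.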