Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!thunder.mcrcim.mcgill.edu!snorkelwacker.mit.edu!mintaka!olivea!uunet!zephyr.ens.tek.com!tekgen!bvnews1!raven.bv.tek.com!mike
From: mike@raven.bv.tek.com (Michael Ewan)
Newsgroups: comp.unix.admin
Subject: Re: Mysterious security hole
Message-ID: <52@bvnews1.bv.tek.com>
Date: 19 Jun 91 17:12:07 GMT
References: <91161.131540SCHDAVZ@YaleVM.YCC.Yale.Edu>
Sender: nobody@bvnews1.bv.tek.com
Reply-To: mike@raven.bv.tek.com (Michael Ewan)
Lines: 26

In article <91161.131540SCHDAVZ@YaleVM.YCC.Yale.Edu>, SCHDAVZ@YaleVM.YCC.Yale.Edu (Dave Schweisguth) writes:
|>
|> The 'login' command initializes PATH with (among other useful directories)
|> '.'. 'su' leaves '.' out. A footnote to a Unix book I have here hints at a
|> security hole involving the _position_ of '.' in PATH, claiming that having
|> '.' first is dangerous. It doesn't say why.
|> These add up to something screwy with '.'. Can someone explain why root/
|> Joe User ought/ought not have '.' in his/her path, and if so should it be
|> first, last, or anywhere, and (this is the good part) why? The system is an
|> SGI Personal Iris, IRIX v3.3.2, if it matters.

Having . in your path (especially root's) is dangerous because someone could
put a trojan horse program in / (or your home dir) that would execute instead
of the system command of the same name. For example: someone could put a
command in / and call it 'ls', that was actually a shell script that did
'rm -fr /', you'd have a real problem. So if you have . in your path you put it
last so destructive shell scripts can't masquerade as system commands. That
is, you'll get /bin/ls instead of ./ls.

Mike

--
Michael Ewan    (503)627-6468      Internet: mike@tekgen.BV.TEK.COM
Unix Systems Support               UUCP: ...!uunet!tekgen.bv.tek.com!mike
Tektronix, Inc.                    Compuserve: 73747,2304
"Fig Newton: The force required to accelerate a fig 39.37 inches/sec."--J. Hart
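
The lookup order described in the post above, as an added example that is not part of the original post: a POSIX sh function that walks a PATH string left to right and reports which file would run. It goes beyond the post in two ways: an empty PATH entry is treated as the current directory, and a name that exists in no system directory is shown to resolve locally even with '.' last. The function name, the scratch directories and the harmless files named ls and sl are constructed for the demonstration.

```shell
#!/bin/sh
# which_would_run CMD PATHSTRING   (hypothetical helper, added example)
# Walks PATHSTRING left to right and prints the first executable regular
# file named CMD. "." and an empty entry (leading, trailing or doubled
# colon) both mean the current directory. Only the PATH search is
# modelled: builtins, aliases and the shell's command hash are ignored.
which_would_run() {
    cmd=$1
    rest="$2:"                  # trailing colon keeps a final empty entry
    while [ -n "$rest" ]; do
        dir=${rest%%:*}         # entry before the first colon
        rest=${rest#*:}         # everything after it
        dir=${dir:-.}           # empty entry means current directory
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            echo "$dir/$cmd"
            return 0
        fi
    done
    return 1
}

# Constructed demo: a scratch "system" directory and a scratch working
# directory, each holding a harmless script that only echoes a label.
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/sysbin" "$scratch/work"
    printf '#!/bin/sh\necho system ls\n'  > "$scratch/sysbin/ls"
    printf '#!/bin/sh\necho planted ls\n' > "$scratch/work/ls"
    printf '#!/bin/sh\necho planted sl\n' > "$scratch/work/sl"
    chmod +x "$scratch/sysbin/ls" "$scratch/work/ls" "$scratch/work/sl"
    (
        cd "$scratch/work" || exit 1
        echo "'.' first, ls: $(which_would_run ls ".:$scratch/sysbin")"
        echo "'.' last,  ls: $(which_would_run ls "$scratch/sysbin:.")"
        echo "'.' last,  sl: $(which_would_run sl "$scratch/sysbin:.")"
        echo "no '.',    sl: $(which_would_run sl "$scratch/sysbin" || echo 'not found')"
    )
    rm -rf "$scratch"
}
demo
```

With '.' last the system ls wins, but the mistyped name sl still runs from the working directory, which is why 'su' leaving '.' out of root's PATH entirely is the stronger setting.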