Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!bu.edu!nntp-read!jc
From: jc@raven.bu.edu (James Cameron)
Newsgroups: comp.unix.admin
Subject: Re: Mysterious security hole
Message-ID:
Date: 23 Jun 91 03:40:51 GMT
References: <52@bvnews1.bv.tek.com> <1991Jun21.203054.989@serval.net.wsu.edu> <1991Jun22.220635.17145@rock.concert.net>
Sender: news@bu.edu
Organization: What do you mean 'That *can't* be done????'
Lines: 29
In-reply-to: mcmahan@cs.unca.edu's message of 22 Jun 91 22:06:35 GMT

>>>>> On 22 Jun 91 22:06:35 GMT, mcmahan@cs.unca.edu (Scott McMahan) said:

Scott> In article <1991Jun21.203054.989@serval.net.wsu.edu> yeidel@tomar.accs.wsu.edu (Joshua Yeidel) writes:
>>The example of having something in / is bad for obvious reasons. But
>>what about /tmp? A script named say "la" (common typo of "ls") which
>>does a chmod 777 /, sends mail to the person and then echoes
>>"la: Command not found" would do the job nicely.
>
>Is /tmp in your path? Why?

Scott> I wondered that myself.

We were talking about '.' being in your path. So, if your current directory is /tmp, and even if '.' is last in your path.... You figure out the trojan horse here...

jc
--
James Cameron (jc@raven.bu.edu)
Signal Processing and Interpretation Lab. Boston, Mass (617) 353-2879
------------------------------------------------------------------------------
"But to risk we must, for the greatest hazard in life is to risk nothing.
For the man or woman who risks nothing, has nothing, does nothing, is nothing."
(Quote from the eulogy for the late Christa McAuliffe.)
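The trap the thread describes, reproduced safely, plus the audit a sysadmin would run against it. This is an added example, not code from the original post or from any of the posters: the function names `audit_path` and `demo_trap`, the scratch directory, and the harmless stand-in for the planted `la` script are all assumptions made here. The point it shows is the one jc makes: `/tmp` does not need to be in PATH at all; it is enough that `.` (or an empty entry, which means the same thing) is anywhere in PATH and the victim's current directory is a place other people can write to.

```sh
#!/bin/sh
# Added example, not code from the original post. Hypothetical names throughout.

# audit_path [PATH-string]: report PATH entries that let someone else decide
# what a command name resolves to. Prints one line per finding on stdout and
# returns 1 if anything was found, 0 if the PATH is clean.
audit_path() {
    _rest="${1:-$PATH}:"        # trailing ":" so the loop sees the last entry
    _rc=0
    while [ -n "$_rest" ]; do
        _d="${_rest%%:*}"
        _rest="${_rest#*:}"
        # "" and "." both mean "whatever directory I happen to be in".
        if [ -z "$_d" ] || [ "$_d" = "." ]; then
            echo "current directory is in PATH (entry '$_d')"
            _rc=1
            continue
        fi
        case "$_d" in
            /*) ;;
            *)  echo "relative entry '$_d' (resolved against the current directory)"
                _rc=1
                continue ;;
        esac
        [ -d "$_d" ] || continue    # missing directory: nothing to check here
        # Columns 6 and 9 of 'ls -ldL' are the group and other write bits
        # (-L so a symlinked /bin is judged by its target, not by lrwxrwxrwx).
        _perm=$(ls -ldL "$_d")
        _gw=$(printf '%s\n' "$_perm" | cut -c6)
        _ow=$(printf '%s\n' "$_perm" | cut -c9)
        if [ "$_ow" = "w" ] || [ "$_gw" = "w" ]; then
            echo "'$_d' is writable by group or others (a sticky bit does not stop new names being added)"
            _rc=1
        fi
    done
    return $_rc
}

# demo_trap: build the scenario from the thread in a scratch directory and
# return 0 if the planted command was executed, 1 if it was not.
# The planted "la" only writes a marker file; the one in the thread would
# chmod 777 / and mail its author before printing the same message.
demo_trap() {
    _scratch=$(mktemp -d) || return 2
    # Attacker's step: drop a lookalike for a common typo of "ls" somewhere
    # other people will cd into. A world-writable /tmp is the obvious place.
    cat > "$_scratch/la" <<'EOF'
#!/bin/sh
echo "la ran as $(id -un) with cwd $PWD" >> "$PWD/marker"
echo "la: Command not found" >&2
EOF
    chmod 755 "$_scratch/la"
    # Victim's step: cd there and mistype "ls", with "." LAST in PATH.
    # "la" exists in no real bin directory, so the search falls through to ".".
    (
        cd "$_scratch" || exit 1
        PATH="/usr/bin:/bin:."
        export PATH
        la 2>/dev/null
    )
    if [ -f "$_scratch/marker" ]; then _ran=0; else _ran=1; fi
    rm -rf "$_scratch"
    return $_ran
}

# Run both when executed directly: audit the real PATH, then show the trap.
if audit_path; then echo "PATH looks clean"; fi
if demo_trap; then
    echo "the lookalike 'la' ran from the scratch directory"
else
    echo "the lookalike 'la' was not run"
fi
```

Putting `.` last in PATH only protects names that already resolve earlier in the search; a typo like `la` resolves nowhere else, which is exactly why that name was chosen in the thread. The audit treats an empty entry (`PATH=/bin:` or `PATH=:/bin`) the same as `.`, since the shell does.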