Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!olivea!uunet!math.fu-berlin.de!unido!nixpbe!nixsin!koerber.sin@sni.de
From: koerber.sin@sni.de (Mathias Koerber)
Newsgroups: comp.unix.admin
Subject: Re: Mysterious security hole
Message-ID: <2007@nixsin.UUCP>
Date: 25 Jun 91 09:23:21 GMT
References: <52@bvnews1.bv.tek.com> <1991Jun21.203054.989@serval.net.wsu.edu> <1991Jun22.220635.17145@rock.concert.net>
Sender: koerberm@nixsin.UUCP
Reply-To: koerber.sin@sni.de
Organization: Siemens Nixdorf Information Systems (Singapore) Pte Ltd
Lines: 16

In article <1991Jun22.220635.17145@rock.concert.net> mcmahan@cs.unca.edu (Scott McMahan) writes:
|In article <1991Jun21.203054.989@serval.net.wsu.edu> yeidel@tomar.accs.wsu.edu (Joshua Yeidel) writes:
|>>The example of having something in / is bad for obvious reasons. But
|>>what about /tmp? A script named say "la" (common typo of "ls") which
|>>does a chmod 777 /, sends mail to the person and then echoes
|>>"la: Command not found" would do the job nicely.
|>
|>Is /tmp in your path? Why?
|
|I wondered that myself.

No, but if '.' is in your path, and you are in /tmp, that will do some damage.
Same thing for any writable dir in your path.

Maybe UNIX should have an option which lets one refuse to run
a) writable scripts/programs
b) setuid scripts/programs
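An added defensive example, written for this page and not taken from the thread: a POSIX sh audit that flags exactly the PATH entries the post warns about, namely a `.` or empty entry (which the shell resolves against the current directory, such as /tmp) and any directory that is group- or world-writable. The function names `classify_entry` and `audit_path` are this example's own assumptions.

```shell
#!/bin/sh
# Audit a PATH-style string for entries that let a planted file shadow a
# real command: relative entries ("." or an empty field, which the shell
# resolves against the current directory) and directories that are group-
# or world-writable. Function and variable names are this example's own.

# classify_entry ENTRY: print one of relative | missing | group-writable |
# world-writable | ok for a single PATH entry.
classify_entry() {
    ce_entry=$1
    case "$ce_entry" in
        /*) ;;                       # absolute path: inspect it below
        *)  echo relative; return ;; # "", ".", "bin", ... depend on cwd
    esac
    if [ ! -d "$ce_entry" ]; then
        echo missing; return
    fi
    # Mode string as printed by ls, e.g. "drwxrwxrwt"; -L follows symlinks
    # so /bin -> usr/bin is judged by the target directory, not the link.
    ce_mode=$(ls -ldL "$ce_entry" | cut -c1-10)
    case "$ce_mode" in
        ????????w?) echo world-writable ;;   # column 9: other write bit
        ?????w????) echo group-writable ;;   # column 6: group write bit
        *)          echo ok ;;
    esac
}

# audit_path PATHSTRING: print "<entry>: <reason>" for every unsafe entry;
# return 0 when the whole string is clean, 1 otherwise. Entries are split
# by hand so that empty fields ("a::b", trailing ":") are not lost.
audit_path() {
    ap_rest="$1:"
    ap_bad=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}
        ap_rest=${ap_rest#*:}
        ap_why=$(classify_entry "$ap_entry")
        if [ "$ap_why" != ok ]; then
            printf '%s: %s\n' "$ap_entry" "$ap_why"
            ap_bad=1
        fi
    done
    return $ap_bad
}

# Usage: check the current shell's PATH.
audit_path "$PATH" && echo "PATH: no unsafe entries"
```

A non-zero exit from `audit_path` makes the check usable from a login script or a configuration-audit job; the sticky-bit /tmp still shows up as world-writable, which is the point of the post.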