Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!uunet!mcsun!unido!nixpbe!nixsin!koerber.sin@sni.de
From: koerber.sin@sni.de (Mathias Koerber)
Newsgroups: comp.unix.admin
Subject: Re: Mysterious security hole
Message-ID: <2011@nixsin.UUCP>
Date: 27 Jun 91 02:32:59 GMT
References: <1991Jun21.203054.989@serval.net.wsu.edu> <1991Jun22.220635.17145@rock.concert.net> <2007@nixsin.UUCP> <1991Jun26.080351.21035@ukpoit.co.uk>
Sender: koerberm@nixsin.UUCP
Reply-To: koerber.sin@sni.de
Organization: Siemens Nixdorf Information Systems (Singapore) Pte Ltd
Lines: 52

In article <1991Jun26.080351.21035@ukpoit.co.uk> alan@ukpoit.co.uk (Alan Barclay) writes:
|In article <2007@nixsin.UUCP> koerber.sin@sni.de writes:
|>[ after the PATH=:/bin:/usr/bin security discussion was going on for quite
|>  some time, deleted... ]
|>No, but if '.' is in your path, and you are in /tmp, that will do some damage.
|>Same thing for any writable dir in your path. Maybe UNIX should have an
|>option which lets one refuse to run
|>	a) writable scripts/programs
|>	b) setuid scripts/programs
|
|Ah, so you don't want to run ps, mail or at, to name three programs which
|are normally setuid. Also when root a lot of programs have permissions
|of 7xx so almost all programs would be writable.

First an addition:
	c) programs not owned by user

Not necessarily, but as superuser I'd be grateful for an option
(ENVIRONMENT-VARIABLE or so), which would make exec/sh/etc refuse to run
those programs. Simply because I might mistype. Imagine:

	# PARANOID=4 export PARANOID
	           ^--some kind of level here, or bitmode or ...
	# echo $PARANOID
	4
	# la -l				<---- obviously a typo
	PARANOID: /tmp/la is setuid
	# mail
	PARANOID: /bin/mail is writable
	# vo /etc/passwd		<--- another typo
	PARANOID: /usr/local/bin/vo is not owned by root
	# PARANOID=0 vo /etc/passwd
	  ^--- I really want to run this..

or even

	# PARANOID=99 export PARANOID
	# la -l
	PARANOID: executing /u0/local/bin/la (y/n):n
	PARANOID: execution denied

You don't have to use this all the time, but if you know you are going to
do something tricky, or u suspect pitfalls, the extra help might be welcome.

Mathias Koerber    | S iemens             | EUnet: koerber.sin@sni.de
2 Kallang Sector   | N ixdorf             | USA:   koerber.sin@sni-usa.com
S'pore 1344        | I nformation Systems | Tel: +65/7402852 | Fax: +65/7402834
I can resist everything but TEMPTATION    |#include
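
The check proposed in the post above can be approximated today as a shell wrapper; the following is an added example, not part of the original post. The function names, the reading of PARANOID as a bitmask with these bit values, and the reading of "writable" as writable by group or others are all assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). PARANOID is read as a bitmask;
# the bit values are an assumption, the post leaves the encoding open:
#   1 = refuse setuid/setgid files
#   2 = refuse files writable by group or others
#   4 = refuse files not owned by the invoking user

# Print the file "$1" resolves to: a name containing a slash is taken as is,
# otherwise the first executable match in $PATH (an empty entry means ".").
paranoid_resolve() {
    case $1 in
        */*) [ -f "$1" ] && [ -x "$1" ] && printf '%s\n' "$1"; return ;;
    esac
    ( p=$PATH:; IFS=:; set -f
      for d in $p; do
          f=${d:-.}/$1
          if [ -f "$f" ] && [ -x "$f" ]; then printf '%s\n' "$f"; exit 0; fi
      done
      exit 1 )
}

# Return 0 if "$1" may run under the current $PARANOID mask, 1 if refused
# (reason on stderr, in the style of the post), 127 if it cannot be found.
paranoid_check() {
    mask=${PARANOID:-0}
    f=$(paranoid_resolve "$1") || { echo "PARANOID: $1 not found" >&2; return 127; }
    if [ $((mask & 1)) -ne 0 ] && { [ -u "$f" ] || [ -g "$f" ]; }; then
        echo "PARANOID: $f is setuid" >&2; return 1
    fi
    if [ $((mask & 2)) -ne 0 ] &&
       [ -n "$(find -L "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "PARANOID: $f is writable" >&2; return 1
    fi
    if [ $((mask & 4)) -ne 0 ] &&
       [ -z "$(find -L "$f" -prune -user "$(id -u)")" ]; then
        echo "PARANOID: $f is not owned by uid $(id -u)" >&2; return 1
    fi
    return 0
}

# Run a command only if it passes the check, e.g.: PARANOID=7 paranoid ls -l
paranoid() {
    paranoid_check "$1" || return
    shift; "$f" "$@"    # run the exact file that was checked, not a new lookup
}
```

The wrapper inspects only the file, not the directory it was found in; a file planted by another user in a world-writable PATH directory such as /tmp is still refused by bit 4. A gap remains between the check and the exec, so this guards against mistyped commands rather than against a racing attacker.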