Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!lll-crg!lll-lcc!styx!kehres
From: kehres@styx.UUCP (Tim Kehres)
Newsgroups: net.unix
Subject: Re: Secure PATH
Message-ID: <20802@styx.UUCP>
Date: Wed, 27-Aug-86 19:11:43 EDT
Article-I.D.: styx.20802
Posted: Wed Aug 27 19:11:43 1986
Date-Received: Thu, 28-Aug-86 01:33:44 EDT
References: <184@ablnc.UUCP> <5991@alice.uUCp>
Reply-To: kehres@styx.UUCP (Tim Kehres)
Organization: Lawrence Livermore Laboratory, Livermore CA
Lines: 21

In article <5991@alice.uUCp> ark@alice.UucP (Andrew Koenig) writes:
>> In my .profile, I have eliminated the beginning : in my path.  If a
>> program to be executed is not in a directory indicated in my PATH,
>> I execute it by "./".  This is not a BIG hurdle but it is more
>> secure.
>
>If you put the current directory at the end of the search path,
>the hassle is much less and the advantage is almost as great.

It is also very important to make sure that directories with either
world or group write permissions are not in the path.  If they must
be there, they should be at the end of the search path.  In any event,
/bin and /usr/bin should be at the head of the search path.

Tim Kehres
Control Data Corporation / Lawrence Livermore National Laboratory
----------------------------------------------------------------
UUCP:  {idi,ihnp4!lll-lcc}!styx!kehres
ARPA:  kehres@lll-tis-b.ARPA
AT&T:  (415) 463-6852
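
The checks discussed in this thread, as an added example that is not part of the original posts: a POSIX sh function that walks a PATH string and flags current-directory entries (empty or "."), directories writable by group or world, and other directories that are searched only after such an entry. The function name audit_path and its output format are made up for this illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING   (hypothetical helper, added for illustration)
# Prints one finding per line and returns non-zero if there were any:
#   cwd:N            entry N is empty or "." (the current directory)
#   writable:N:DIR   DIR is writable by group or world
#   late:N:DIR       DIR is not flagged itself but is searched after a flagged entry
audit_path() (
    rest="$1:"      # terminate the last entry so a trailing ':' shows up as empty
    pos=0 risky=0 findings=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}         # text up to the first ':'
        rest=${rest#*:}         # drop that entry and its ':'
        pos=$((pos + 1))
        case "$dir" in
            ''|.)
                echo "cwd:$pos"
                risky=1 findings=$((findings + 1))
                continue ;;
        esac
        [ -d "$dir" ] || continue   # nothing to check for a missing directory
        # -H follows a symlinked entry (e.g. /bin -> usr/bin); -prune stops descent.
        if [ -n "$(find -H "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "writable:$pos:$dir"
            risky=1 findings=$((findings + 1))
        elif [ "$risky" -eq 1 ]; then
            echo "late:$pos:$dir"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]       # exit status of the function
)
```

Call it as audit_path "$PATH"; it prints nothing and returns 0 when the path has no such entries.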