fixed path so I won't have to type ./ to run a prog.


xDAVIDx
09-30-2001, 11:45 PM
doh... I don't know why I didn't think of this till now.

PATH=$PATH:.
export PATH

oh well...

BTW: is there any reason _not_ to do this?

Craig McPherson
10-01-2001, 12:07 AM
It's generally safe, as long as you put it at the end of the PATH statement.

Let's look at what could happen if you put it at the start of the PATH statement, the way the PATH works in DOS:

1. Joe Random Hacker has a normal user account on the system (either a legitimate account or one he created through "undocumented" means).

2. Joe Random Hacker writes a program or script that, when run as root, will edit the system's passwd file and give Joe's account superuser status.

3. Joe's script is useless, because he can't run it as root, right? No. Joe sees that the admin of the site has "." at the front of root's PATH statement.

4. Joe puts his script in /tmp, calling it "ls" or "cat" or "who" -- or all three.

5. The system admin comes along a few hours later, checks his e-mail, checks the system logs, then decides to see if any junk has built up in /tmp.

6. The system admin cd's to /tmp, and runs "ls" -- but since "." comes before "/bin" in his PATH statement, the system admin has accidentally just run /tmp/ls instead of /bin/ls -- he's just run Joe Random Hacker's script with full root authority!

7. If Joe is smart, his script will run "ls" like normal after doing its dirty work, then delete itself, leaving no trace that it ever existed.

8. Joe Random Hacker now has full root access to the system! Way to go, Joe!

So, pretty clearly, you would never want to have "." at the front of your PATH. What about at the end of the PATH? That's usually safe, but for the paranoid, it should still be avoided:

3. Joe sees that the admin of the site has "." at the end of root's PATH statement.

4. Joe checks the admin's bash history file (if the sysadmin was silly enough to leave it world-readable), or simply watches the sysadmin over his shoulder for a while.

5. Joe discovers that the sysadmin sometimes accidentally types "gerp" instead of "grep". We all have certain typos that we make from time to time.

6. Joe saves his give-me-root script as /tmp/gerp.

7. Joe waits for the sysadmin to accidentally type "gerp" instead of "grep" while in /tmp.

8. The sysadmin runs "gerp", which runs Joe's script, which does its job and deletes itself.

9. Joe is root again! Another point for Joe Random Hacker! Hoorah!

It's a lot harder in that second case, because it's much more likely that the sysadmin will notice Joe's "surprise" and delete it before he accidentally triggers it, but it could still happen. On sites that have a lot of shell users, it might not be worth the risk. On sites with zero shell users other than the admin, it's seriously unlikely to ever be a real concern.
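An added example, not code from the thread or from either poster: a small POSIX sh audit for the PATH weaknesses Craig describes. It flags ".", an empty entry (a leading or trailing colon or "::", which the shell treats as the current directory just like "."), relative entries, and absolute entries that any user can write to, and it can list executables in a suspect directory whose names match commands in trusted directories, which is the "/tmp/ls" situation. It assumes a POSIX sh and takes the PATH string and directory names as arguments so it can be run against a constructed value as well as the live $PATH.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that let an untrusted
# directory shadow real commands. Assumes only a POSIX sh.

# audit_path PATHSTRING
# Prints one line per risky entry; returns 1 if any was found, else 0.
audit_path() {
    pathval=$1
    rc=0

    # A leading colon, trailing colon or "::" is an empty entry, which the
    # shell resolves as the current directory, exactly like ".".
    case "$pathval" in
        :*|*:|*::*) echo "empty entry present (treated as current directory)"; rc=1 ;;
    esac

    # Split on ':' with IFS; disable globbing so a stray '*' is not expanded.
    old_ifs=$IFS
    IFS=:
    set -f
    set -- $pathval
    set +f
    IFS=$old_ifs

    pos=1
    for dir in "$@"; do
        case "$dir" in
            "")  ;;                                  # already reported above
            .)   echo "entry $pos: '.' (current directory; worst at the front)"; rc=1 ;;
            /*)
                # Absolute entry: risky if it exists and is world-writable,
                # since anyone could drop a "gerp" or "ls" there.
                # -H follows a symlinked starting point (e.g. /bin -> usr/bin).
                if [ -d "$dir" ] && [ -n "$(find -H "$dir" -prune -perm -0002 2>/dev/null)" ]; then
                    echo "entry $pos: $dir is world-writable"; rc=1
                fi ;;
            *)   echo "entry $pos: relative entry '$dir'"; rc=1 ;;
        esac
        pos=$((pos + 1))
    done
    return $rc
}

# shadowed_names DIR TRUSTED_PATHSTRING
# Lists executables in DIR whose names also exist as executables in one of
# the trusted directories, i.e. files that would run instead of the real
# command if DIR were searched first.
shadowed_names() {
    suspect=$1
    old_ifs=$IFS
    IFS=:
    set -f
    set -- $2
    set +f
    IFS=$old_ifs
    for f in "$suspect"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        name=${f##*/}
        for trusted in "$@"; do
            if [ -x "$trusted/$name" ]; then
                echo "$name"
                break
            fi
        done
    done
}

# Usage against the live environment:
#   audit_path "$PATH" || echo "PATH needs attention"
#   shadowed_names /tmp /bin:/usr/bin
```

Note that the position is reported because, as the post explains, "." at the front is the dangerous case, while "." at the end only bites on typos; the audit still flags both.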

xDAVIDx
10-01-2001, 12:17 AM
thanks for the info.

z0mbix
10-17-2001, 05:12 AM
That's worth knowing. Never thought of that one! :p

Thx a lot

bwkaz
10-17-2001, 12:22 PM
Funny thing is, the Solaris network here at school has "." in the path.

These people really aren't that smart -- or, it could be that way because the network is adminned by grad students, and none of them ever communicate to each other....

The dot is close to the end of the path, though. The only thing after the dot is $HOME/bin and whatever gets added by ~/.cshrc (yeah, it runs tcsh... ugh).

But still, if I had any idea who root was, they'd have themselves a security hole (not that I'd do anything HARMFUL, just probably rename ls and replace it with a shell script so that any time anyone ran "ls", they'd see what happened, then get their directory).