gregg%a.cs.okstate.edu@csnet-relay.arpa (Gregg Wonderly) (04/04/86)
Here at OKSTATE, Mark Vasoll came up with a surprisingly simple, and quite neat method of resolving the problems with '.' being in your directory path. I immediately added this to MY shell, Vish, and thought that I would bring it to the attention of the NET, and see what others think.

The idea is to create another NON-exportable environment variable that holds a list of ROOT directories under which '.' is considered when looking for the executable for a particular command. Before DOT is allowed, the PWD must have as its ROOT one of the given strings. My shell keeps its own copy of PWD, so this does not involve a process, or other high overhead of establishing the PWD. Also note that '.' must also explicitly appear in the PATH variable before these actions are taken. If no 'dotpath' is established, then normal behavior is 'anything goes'. At startup, Vish establishes the user's home directory as given in /etc/passwd as the sole directory for 'dotpath'.

When a particular executable is found to exist in '.', and it is the name of the requested command, and 'dotpath' does not contain a leading substring of PWD, then a message similar to

    'command': Current directory is not safe!

is printed, and 'command' is not executed.

I am sure that somebody else may have thought of something of this nature, but I have yet to come across it. On some systems (Really, there are non-destructive users out there), the security hole that '.' creates is not a problem, but all it takes is one time to make you a bit paranoid. Since the latest trend in computing magazines seems to be TELL THE WORLD HOW TO BREAK THE SYSTEM, this type of feature can provide some comfort. Of course, it relies on your own decision as to what 'dotpath' should be. My particular implementation makes it natural to use ":" as 'dotpath', and then DOT is never considered as valid.

I would be interested in hearing others' ideas and views on this subject. DOT can be a great convenience, but we all know the consequences if you use it in a directory writable by others.

Gregg Wonderly
Department of Computing and Information Sciences
Oklahoma State University

UUCP: {cbosgd, ea, ihnp4, isucs1, mcvax, uokvax}!okstate!gregg
ARPA: gregg%okstate.csnet@CSNET-RELAY.ARPA
or
ARPA: gregg@A.CS.OKSTATE.EDU
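The 'dotpath' check described in the post above, sketched in C as an added example; this is not Vish's code, which does not appear on this page. The function names and sample paths are assumptions, and roots are matched on path-component boundaries, which is stricter than a plain leading-substring comparison (so /home/gregg does not cover /home/greggory).

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True if the colon-separated list has an entry that is exactly ".". */
static bool list_has_dot(const char *list)
{
    while (list && *list) {
        size_t n = strcspn(list, ":");
        if (n == 1 && list[0] == '.')
            return true;
        list += n + (list[n] == ':');
    }
    return false;
}

/* True if root[0..n) is a prefix of pwd that ends on a component boundary. */
static bool under_root(const char *pwd, const char *root, size_t n)
{
    while (n > 1 && root[n - 1] == '/')
        n--;                                /* ignore trailing slashes */
    if (strncmp(pwd, root, n) != 0)
        return false;
    return (n == 1 && root[0] == '/') || pwd[n] == '\0' || pwd[n] == '/';
}

/* May a command found in "." run? pwd is the shell's own copy of PWD. */
bool dot_allowed(const char *pwd, const char *path, const char *dotpath)
{
    if (!list_has_dot(path))
        return false;       /* "." must appear explicitly in PATH */
    if (dotpath == NULL)
        return true;        /* no dotpath established: anything goes */
    while (*dotpath) {
        size_t n = strcspn(dotpath, ":");
        if (n > 0 && under_root(pwd, dotpath, n))
            return true;
        dotpath += n + (dotpath[n] == ':');
    }
    return false;           /* also the result for dotpath ":" */
}

int main(void)
{
    /* Constructed sample values, not taken from the post. */
    if (!dot_allowed("/tmp", "/bin:/usr/bin:.", "/home/gregg"))
        printf("'command': Current directory is not safe!\n");
    return 0;
}
```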
gwyn@BRL.ARPA (04/05/86)
WHAT "problem" is this horrible kludge attempting to address? If you feel the need to have "." in your $PATH, put it last and you will never run booby traps instead of standard system utilities. Better yet, leave "." out of your $PATH and explicitly invoke executables in the current directory as "./whatever" when you do want to run them. Anyone who runs unknown executables "just to see what they do" is too stupid for any amount of automatic protection; the fool would probably just make a copy of the executable in his own directory and run it anyway. Geez, guys, this is UNIX. We don't need non-solutions to non-problems embedded in it.