[net.unix-wizards] Security and PATH

fostel@ncsu.UUCP (08/02/83)

    For all of those who think that the SU is the only one who needs to
    have ./ removed from the head of the search list -- think again.  If
    YOU have it on yours then I can trap you.  So I can do things like
    run a secret command which will build me a setuid shell with YOU the
    U in the UID.  Now I will know where it is, so I can become you anytime
    I want.

    Quite right, that may be bad for you, but not for SU and the system at
    large.  Wrong again.  I have never seen a UNIX where there were not a
    variety of VERY INTERESTING things that could be done if only one could get
    the permissions of one of the maintenance groups, sometimes called "bin"
    or "admin"  or "sys" or or or.  So, since You dear potential superuser
    are probably a member of those groups, I will now be able to do work in
    those very enticing groups.  In a matter of 10-15 minutes, I will have
    found the file I need, the precise one varies, which is writable to that
    wonderful group and which allows me to either become SU or set a wonderful
    trapdoor to allow myself to become one in a matter of a day or so at most.

    Sooooo, if you are one of the potential SU's (and you probably are if
    you are reading this) then Y-O-U need to take the ./ off your search
    path before I come and raid your system. Or someone with more malicious
    intent.   My apologies to those who think this stuff should not be
    spoken openly, but this one is so simple to fix that everyone will
    dash out right away and fix their PATHs.  RIGHT?  Well you ought'a.
    ----GaryFostel----

mrd@wjh12.UUCP (Douglas) (08/04/83)

One possibility for those who are paranoid about "accidentally"
running non-standard versions of commands when they are in other
users' directories, but are too lazy to type "./" to run commands
in their own directories, would be to have the shell check the
ownership of files before running them - if the command was found
in a directory in PATH which does not start with "/", then if it
is not owned by the user who is trying to run it, give an error
(forcing him to type "./" to run it).

	Mike Douglas    (wjh12!mrd)
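An added example (not from either poster) that covers both messages: risky_path_entries flags the relative PATH entries Fostel warns about, and safe_which resolves a command the way Douglas proposes, refusing a match reached through a relative entry unless the caller owns the file. The "shared"/"sys" directory layout and the planted ls are constructed for the demo.

```python
import os
import stat
import tempfile

def risky_path_entries(path):
    """PATH entries that are not absolute: "" and "." both mean the current
    directory, so a file planted wherever the user cd's into is found first."""
    return [entry for entry in path.split(":") if not entry.startswith("/")]

def safe_which(cmd, path, uid=None):
    """Resolve cmd along path with Douglas's rule: a match reached through a
    relative PATH entry is accepted only if the caller (uid) owns the file.
    Returns (resolved path or None, list of rejected matches)."""
    uid = os.getuid() if uid is None else uid
    rejected = []
    for entry in path.split(":"):
        candidate = os.path.join(entry or ".", cmd)
        try:
            st = os.stat(candidate)
        except OSError:
            continue
        if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
            continue  # not an executable regular file
        if not entry.startswith("/") and st.st_uid != uid:
            rejected.append(candidate)  # reached via "./", owned by someone else
            continue
        return candidate, rejected
    return None, rejected

def demo(victim_is_owner):
    """Constructed scenario: "shared" holds a planted ls, "sys" the real one,
    and PATH starts with "." as in the posts. Both files are owned by whoever
    runs this, so victim_is_owner=False simulates a victim uid that differs
    from the planter's."""
    with tempfile.TemporaryDirectory() as tmp:
        shared, system = os.path.join(tmp, "shared"), os.path.join(tmp, "sys")
        for d in (shared, system):
            os.mkdir(d)
            target = os.path.join(d, "ls")
            with open(target, "w") as f:
                f.write("#!/bin/sh\necho ls from %s\n" % d)
            os.chmod(target, 0o755)
        uid = os.getuid() if victim_is_owner else os.getuid() + 1
        cwd = os.getcwd()
        os.chdir(shared)  # the victim has cd'ed into the shared directory
        try:
            return safe_which("ls", ".:" + system, uid)
        finally:
            os.chdir(cwd)
```

With a foreign-owned ./ls in the current directory, safe_which skips it and falls through to the absolute sys entry; the owner of the planted file still gets ./ls, exactly the behaviour Douglas describes.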