Mysterious security hole
maureen lecuona
mal1 at pyuxf.UUCP
Sat Jun 15 03:04:33 AEST 1991
The security hole having to do with "." being anywhere but last
in the PATH is due to the following scenario:
Let the following be true:
PATH=.:/bin:/usr/bin:/etc
and
also, ls -ail /usr/admin is
rwxrw-rw
Now if the administrator does the following:
cd /usr/admin
su -
Then if someone has put a trojan anywhere in the /dir which masquerades
as a legitimate command, i.e., df, diff, or any other frequently used
command, the fake version will be used instead of the /bin or /usr/bin
version, because it will be found first in the search for the executable.....
Maureen Lecuona
Integrated Business Solutions, Inc.
4 Spring Lane
Long Valley, N.J. 07853
(908) 850-0174
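
The check below is an added example, not part of the original post. It walks a PATH string and reports every entry that resolves to the current directory ("." or an empty field), every other relative entry, and every directory writable by group or others, including the current directory itself, as in the /usr/admin case above. The function names and the output format are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Output line format is this
# example's own convention: "<kind> <position> <entry>".

# True when group or others hold write permission on directory $1.
loose_dir() {
    [ -d "$1" ] &&
        [ -n "$(find "$1/." -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# audit_path PATHSTRING: print one finding per line; return 1 if any found.
audit_path() {
    findings=0 pos=0
    rest="$1:"            # trailing ':' keeps an empty last field visible
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        case "$entry" in
            ''|.)         # an empty field means the current directory too
                echo "cwd $pos ${entry:-<empty>}"
                findings=$((findings + 1))
                # The post's case: the directory you are standing in is
                # writable by other users, so a fake command can be planted.
                if loose_dir .; then
                    echo "cwd-writable $pos $(pwd)"
                    findings=$((findings + 1))
                fi ;;
            /*)
                if loose_dir "$entry"; then
                    echo "writable $pos $entry"
                    findings=$((findings + 1))
                fi ;;
            *)            # any other relative entry resolves against the cwd
                echo "relative $pos $entry"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed input: the PATH value from the post.
audit_path ".:/bin:/usr/bin:/etc" || echo "PATH needs attention"
```

Run audit_path "$PATH" from the directory you are about to su in; any "cwd" line means commands will be looked up there.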