Mysterious security hole

James Cameron jc at raven.bu.edu
Sun Jun 23 13:40:51 AEST 1991


>>>>> On 22 Jun 91 22:06:35 GMT, mcmahan at cs.unca.edu (Scott McMahan) said:

Scott> In article <1991Jun21.203054.989 at serval.net.wsu.edu> yeidel at tomar.accs.wsu.edu (Joshua Yeidel) writes:
>>The example of having something in / is bad for obvious reasons.  But 
>>what about /tmp?  A script named say "la" (common typo of "ls") which
>>does a chmod 777 /, sends mail to the person and then echoes 
>>"la: Command not found" would do the job nicely. 
>
>Is /tmp in your path?  Why?

Scott> I wondered that myself.


Why, we're talking about '.' being in your path.  So, if your
current directory is /tmp and even if '.' is last in your
path....

You figure out the trojan horse here...

jc

--
					-- James Cameron  (jc at raven.bu.edu)

Signal Processing and Interpretation Lab.  Boston, Mass  (617) 353-2879
------------------------------------------------------------------------------
"But to risk we must, for the greatest hazard in life is to risk nothing.  For
the man or woman who risks nothing, has nothing, does nothing, is nothing."
	(Quote from the eulogy for the late Christa McAuliffe.)
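
A defensive check for the situation this message describes, as an added example that is not part of the original post: it walks a PATH string and flags '.', empty entries (which shells also treat as the current directory), relative entries, and world-writable directories such as /tmp. The function name `audit_path` and the sample PATH are assumptions made for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING   (hypothetical helper, added for illustration)
# Prints one line per risky entry; returns 0 if clean, 1 if anything was flagged.
audit_path() {
    ap_rest="$1:"      # sentinel ':' so a trailing empty entry is not lost
    ap_found=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}     # text before the first ':'
        ap_rest=${ap_rest#*:}       # everything after it
        case $ap_entry in
            "") echo "empty entry: searched as the current directory"
                ap_found=1; continue ;;
            .)  echo ".: current directory is searched"
                ap_found=1; continue ;;
            /*) ;;                  # absolute: permissions checked below
            *)  echo "$ap_entry: relative entry, resolved against the current directory"
                ap_found=1; continue ;;
        esac
        # Absolute entry: flag it if any user can create files in it (e.g. /tmp).
        if [ -d "$ap_entry" ]; then
            ap_mode=$(ls -ldL "$ap_entry" | cut -c1-10)
            case $ap_mode in
                d???????w?) echo "$ap_entry: world-writable directory"
                            ap_found=1 ;;
            esac
        fi
    done
    [ "$ap_found" -eq 0 ]
}

# Constructed sample: '.' placed last, as in the post, plus a trailing empty entry.
audit_path "/usr/bin:/bin:.:" || true
```

Run it against a real search path with `audit_path "$PATH"`; position in the list does not matter to the check, since a mistyped command name falls through every earlier directory before reaching the flagged one.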


