Mysterious security hole

James Cameron jc at raven.bu.edu
Sat Jun 22 03:34:41 AEST 1991


>>>>> On 21 Jun 91 11:15:44 GMT, sun at me.utoronto.ca (Andy Sun) said:

|> mike at raven.bv.tek.com (Michael Ewan) writes:

[...deleted message about having '.' in path is bad...]


|> If this is really the case, I am more interested in how that "someone" can write
|> to /, rather than my having '.' at the beginning of my path. There is obviously
|> a bigger security hole somewhere on the system than this if some non-admin
|> people can write to /.

|> Andy


The example of having something in / is bad for obvious reasons.  But 
what about /tmp?  A script named, say, "la" (common typo of "ls") which
does a chmod 777 /, sends mail to the person and then echoes 
"la: Command not found" would do the job nicely. 

jc

--
					-- James Cameron  (jc at raven.bu.edu)

Signal Processing and Interpretation Lab.  Boston, Mass  (617) 353-2879
------------------------------------------------------------------------------
"But to risk we must, for the greatest hazard in life is to risk nothing.  For
the man or woman who risks nothing, has nothing, does nothing, is nothing."
	(Quote from the eulogy for the late Christa McAuliffe.)



More information about the Comp.unix.admin mailing list
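
A defensive check for the risk discussed in this thread, as an added example that is not part of the original post: a shell function that flags PATH entries resolving to the current directory or to a directory any user can write to. The function name `audit_path`, the finding labels and the sample PATH value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_path PATHSTRING
#   Prints one finding per line as "<kind>:<entry>".
#   Returns 0 if the PATH is clean, 1 if anything was flagged.
audit_path() {
    _found=0
    # An empty element (leading, trailing or doubled ':') means the current
    # directory, exactly like '.'. Appending ':' lets the loop see a trailing one.
    _rest="$1:"
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}
        _rest=${_rest#*:}
        case $_entry in
            '')
                echo "cwd-implicit:(empty)"; _found=1 ;;
            .|./)
                echo "cwd-explicit:$_entry"; _found=1 ;;
            /*)
                # Absolute entry: flag it if "other" has write permission.
                # The sticky bit on /tmp does not stop a user creating a new
                # file there, so drwxrwxrwt is flagged as well.
                if [ -d "$_entry" ]; then
                    case $(ls -ldL "$_entry" 2>/dev/null) in
                        d???????w*)
                            echo "world-writable:$_entry"; _found=1 ;;
                    esac
                fi ;;
            *)
                # Relative entries are resolved against the current directory.
                echo "relative:$_entry"; _found=1 ;;
        esac
    done
    return $_found
}

# Constructed sample PATH: '.', a shared directory, a relative entry and a
# trailing ':' are all reported; /usr/bin normally is not.
audit_path ".:/usr/bin:/tmp:bin:" || echo "-> remove or fix the entries listed above"
```

To check a live session, call `audit_path "$PATH"` and treat a non-zero return as a finding, particularly for root and other privileged accounts.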