Mysterious security hole
Alan Barclay
alan at ukpoit.co.uk
Wed Jun 26 18:03:51 AEST 1991
In article <2007 at nixsin.UUCP> koerber.sin at sni.de writes:
>In article <1991Jun22.220635.17145 at rock.concert.net> mcmahan at cs.unca.edu (Scott McMahan) writes:
>|In article <1991Jun21.203054.989 at serval.net.wsu.edu> yeidel at tomar.accs.wsu.edu (Joshua Yeidel) writes:
>|>>The example of having something in / is bad for obvious reasons. But
>|>>what about /tmp? A script named say "la" (common typo of "ls") which
>|>>does a chmod 777 /, sends mail to the person and then echoes
>|>>"la: Command not found" would do the job nicely.
>|>
>|>Is /tmp in your path? Why?
>|
>|I wondered that myself.
>
>No, but if '.' is in your path, and you are in /tmp, that will do some damage.
>Same thing for any writable dir in your path. Maybe UNIX should have an
>option which lets one refuse to run
> a) writable scripts/programs
> b) setuid scripts/programs
Ah, so you don't want to run ps, mail or at, to name three programs which
are normally setuid. Also when root a lot of programs have permissions
of 7xx so almost all programs would be writable.
--
Alan Barclay
iT | E-mail : alan at ukpoit.uucp
Barker Lane | BANG-STYLE : .....!ukc!ukpoit!alan
CHESTERFIELD S40 1DY | VOICE : +44 246 214241
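
The thread's concern is '.' or any writable directory in the search path. The following is an added example, not part of the original post: a POSIX shell check that flags empty, relative, and group- or world-writable PATH entries. The function name audit_path and the finding labels are hypothetical.

```shell
#!/bin/sh
# audit_path is a hypothetical helper name (added example, not from the thread).
# Prints one finding per risky PATH entry; returns 1 if any were found.
audit_path() {
    _path=$1
    _rc=0
    # A leading, trailing or doubled ':' is an empty entry, which the shell
    # searches as the current directory, exactly like '.'.
    case ":$_path:" in
        *::*) echo "EMPTY: empty entry is searched as the current directory"; _rc=1 ;;
    esac
    # Split on ':' with globbing off, then restore the shell state.
    _old_ifs=$IFS; IFS=:; set -f
    set -- $_path
    IFS=$_old_ifs; set +f
    for _dir in "$@"; do
        case $_dir in
            '') continue ;;                      # reported above
            /*) ;;                               # absolute: check modes below
            *)  echo "RELATIVE: $_dir"; _rc=1; continue ;;   # '.', '..', 'bin', ...
        esac
        [ -d "$_dir" ] || continue
        # Test mode bits, not [ -w ]: for root -w is true almost everywhere,
        # which is the objection raised in the reply above.
        # -H follows a symlinked entry such as /bin -> /usr/bin.
        if [ -n "$(find -H "$_dir" -prune -perm -0002 2>/dev/null)" ]; then
            echo "WORLD-WRITABLE: $_dir"; _rc=1
        elif [ -n "$(find -H "$_dir" -prune -perm -0020 2>/dev/null)" ]; then
            echo "GROUP-WRITABLE: $_dir"; _rc=1
        fi
    done
    return $_rc
}

# Audit the current PATH; findings go to stdout.
audit_path "$PATH" || :
```

A sticky-bit directory such as /tmp is still reported as world-writable, since anyone can create a new file in it.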