Mysterious security hole

Mathias Koerber koerber.sin at sni.de
Tue Jun 25 19:23:21 AEST 1991


In article <1991Jun22.220635.17145 at rock.concert.net> mcmahan at cs.unca.edu (Scott McMahan) writes:
|In article <1991Jun21.203054.989 at serval.net.wsu.edu> yeidel at tomar.accs.wsu.edu (Joshua Yeidel) writes:
|>>The example of having something in / is bad for obvious reasons.  But 
|>>what about /tmp?  A script named say "la" (common typo of "ls") which
|>>does a chmod 777 /, sends mail to the person and then echoes 
|>>"la: Command not found" would do the job nicely. 
|>
|>Is /tmp in your path?  Why?
|
|I wondered that myself.

No, but if '.' is in your path, and you are in /tmp, that will do some damage.
Same thing for any writable dir in your path. Maybe UNIX should have an
option which lets one refuse to run
	a) writable scripts/programs
	b) setuid scripts/programs
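
An added example, not part of the original post: a POSIX shell check that flags the PATH entries discussed above ('.', empty entries that mean the current directory, relative entries, and directories writable by group or world). The function name audit_path and the sample PATH string are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that would let a file
# dropped by another user run in place of a mistyped or expected command.

# audit_path PATHSTRING
# Prints one "<kind>: <entry>" line per finding; returns 1 if any were found.
audit_path() {
    rest="$1:"      # trailing ':' so a final empty entry is still visited
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            '') echo "implicit-cwd: (empty entry)"
                findings=$((findings + 1)); continue ;;
            .)  echo "explicit-cwd: ."
                findings=$((findings + 1)); continue ;;
            /*) ;;  # absolute entry: check its permissions below
            *)  echo "relative: $entry"
                findings=$((findings + 1)); continue ;;
        esac
        [ -d "$entry" ] || continue
        # -L follows symlinks (e.g. /bin -> usr/bin) so the real directory's
        # mode is inspected, not the link's.
        mode=$(ls -ldL "$entry")
        mode=${mode%% *}            # e.g. drwxrwxrwt
        case $mode in
            ????????w*) echo "world-writable: $entry"
                        findings=$((findings + 1)) ;;
            ?????w*)    echo "group-writable: $entry"
                        findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample PATH, not taken from the thread.
audit_path "/usr/bin:.:/tmp:" || :
```

Run it against your own environment with `audit_path "$PATH"`; a sticky bit on a directory such as /tmp does not stop other users from creating new files there, so it is still reported.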


