????? HELP!!! what is wrong with this code? ???????

Brad Turner mbt at bridge2.3Com.Com
Wed Oct 19 15:48:40 AEST 1988


Reply-To: mbt at bridge2.3Com.com (Brad Turner)
Distribution: world
Organization: 3Com Corp., Mt. View, CA

In article <10146 at cup.portal.com> thad at cup.portal.com (Thad Floryan) writes:
>Doug Gwyn writes: "It is not wise to have the current directory early
>in the PATH directory list."
>
>Though I like UNIX' flexibility in establishing/using paths, I've seen
>systems that always ASSUMED the current directory BEFORE traipsing down
>the path (I find such assumptions odious).
>
>Doug, would you please expand upon your statement (above)?  I feel others
>besides myself would appreciate knowing the hidden (?) pitfalls.
>
>Thank you!
>
>
>Thad Floryan  [ thad at cup.portal.com (OR) ..!sun!portal!cup.portal.com!thad ]


Often users leave the permissions on their home directory ``open'' so
that others can put files there, or whatever. The point being since the
sys admin (root) doesn't own the cwd (most likely) a possible security
breach may occur. Below is the pseudo code for a trojan that might be
planted in a user's home directory under the name ``ls'' which the user
more than likely will execute.

--------pseudo for ls trojan--------
echo realistic looking error message (eg "no more inodes logging user off")
echo identical login string
read user id
echo password prompt
read password for user
echo sorry incorrect login type message
mail/copy/move user id & password to rogue person implementing this trojan
rm ls trojan from cwd
kill parent process and self (the login shell is most likely parent )
------------------------------------

Of course this is limited in that one has to be able to login to the
system first in order to do this, but it still represents a possible
security breach. Use your imagination, I'm sure you can come up with
better/more-interesting/devious/harmful abuses. Specifically the pretense
is to get a user to execute your trojan instead of the real live unix
command.

I've never seen any real harmful abuse of security, mostly it was stuff
like harassing the intro cs students.

Story: an instructor told his intro class to alter their path putting
``.'' first so that csh wouldn't have to search as far down the path.
Obviously he wasn't familiar with the csh. Nonetheless the upper level
students had lots of fun mucking with the intro students making "ls"
and a host of other unix commands not work. The instructor really ended
up with egg all over his face and some upper students got a stern scolding.

-brad-
an ex. sys. admin.

-- 
v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v
Brad Turner	1330 Ashleybrook Ln.	(919) 768-2097	| I speak for myself
3Com Corp.	Winston-Salem, NC 27103 mbt at bridge2	| NOT for my employer.
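
A defensive check for the risk discussed in this message, as an added example that is not part of the original post: a POSIX shell function (the name `audit_path` is hypothetical) that flags `.`, empty and relative PATH entries, plus PATH directories writable by group or others.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that let another user
# plant a same-named program (such as "ls") ahead of the real one.
# audit_path is a hypothetical helper name, not a standard utility.

# Usage: audit_path "$PATH"
# Prints one line per risky entry; exit status 0 means nothing was flagged.
audit_path() (
    rest=$1:          # trailing ':' so the last entry is processed too
    pos=0
    findings=0

    report() {
        printf 'entry %d (%s): %s\n' "$pos" "${entry:-<empty>}" "$1"
        findings=$((findings + 1))
    }

    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))

        case $entry in
            '')  report 'empty entry, searched as the current directory' ;;
            .)   report 'current directory' ;;
            /*)
                if [ -d "$entry" ]; then
                    # First 10 characters of ls -l output are the mode string
                    mode=$(ls -ldL "$entry" | cut -c1-10)
                    case $mode in
                        ?????w*|????????w*)
                            report "writable by group or others ($mode)" ;;
                    esac
                fi ;;
            *)   report 'relative entry, resolved against the current directory' ;;
        esac
    done

    [ "$findings" -eq 0 ]
)

# Run against the caller's PATH when executed directly.
audit_path "$PATH" || echo 'PATH has entries that should be removed or locked down'
```

The entry number in each finding shows how early in the search order the risky directory sits; lower numbers shadow more of the system commands.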


