Secure PATH
Darryl P. Wagoner
dpw at rayssd.UUCP
Sun Aug 31 12:12:58 AEST 1986
> > In my .profile, I have eliminated the beginning : in my path. If a
> > program to be executed is not in a directory indicated in my PATH,
> > I execute it by "./". This is not a BIG hurdle but it is more
> > secure.
>
> If you put the current directory at the end of the search path,
> the hassle is much less and the advantage is almost as great.
I have to agree. It is not very effective to put a Trojan Horse called
some-strange-name in a writeable directory. If a person is dumb
enough to execute an unknown program .... Well, you can fill in the rest.
Besides, you don't "cd" into a directory and execute some program you don't
even know the name of. The point is that for a Trojan Horse to be successful
it should be a command that a person will execute upon entering a directory,
namely "ls".
--
Save ihnp4! Mail around it.
--
Darryl Wagoner
Raytheon Co.; Portsmouth RI; (401)-847-8000 x4089
best path {allegra|gatech|mirror|raybed2} ---------\
next best {linus|ihnp4|pyrbos} ---------------------->!rayssd!dpw
if all else fails {brunix|cci632} -------------------------/
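
An added example, not part of the original post: a POSIX sh check that tells apart the three PATH arrangements discussed in this thread (no current-directory entry, current directory last, current directory ahead of system directories). The function name audit_path, its status codes and the sample PATH values are assumptions made for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Report every entry that makes the shell look in the current directory.
# Return status:
#   0  no such entry; programs in the current directory need "./"
#   1  current directory is searched only after every absolute entry
#   2  current directory is searched before some absolute entry, so a
#      file named "ls" there would run instead of the system one
audit_path() {
    rest="$1:"      # sentinel colon so a trailing empty entry is seen
    pos=0 hit=0 shadow=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        case $entry in
            '') kind='empty entry' ;;
            .)  kind='"."' ;;
            /*) [ "$hit" -eq 1 ] && shadow=1
                continue ;;
            *)  kind="relative entry \"$entry\"" ;;
        esac
        hit=1
        echo "entry $pos: $kind resolves against the current directory"
    done
    [ "$hit" -eq 0 ] && return 0
    [ "$shadow" -eq 1 ] && return 2
    return 1
}

# Constructed sample values, not taken from the post.
for p in ':/bin:/usr/bin' '/bin:/usr/bin:.' '/bin:/usr/bin'; do
    rc=0
    audit_path "$p" || rc=$?
    echo "PATH=$p -> status $rc"
done
```

A leading, trailing or doubled colon is an empty entry, which the shell treats the same as ".", so the check reports it even though no "." is visible in the string.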