Mailinglist Archive: opensuse (4749 mails)

Re: [SLE] Root PATH
  • From: Thomas Jones <thomas.jones@xxxxxxxxxxxxxxxx>
  • Date: Sun, 11 May 2003 18:05:06 -0500
  • Message-id: <200305111805.06193.thomas.jones@xxxxxxxxxxxxxxxx>
On Sunday 11 May 2003 17:06, Anders Johansson wrote:
> On Monday 12 May 2003 00:05, Thomas Jones wrote:
> > PATH=$USER/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin
>
> yikes. So a malicious user on your system would create /tmp/root/bin/cp
>
> or some other common command, and just wait. Not a good idea to have
> relative paths in $PATH

ahhh..hhhahhh.

But how different is /root and /tmp/root?

Upon using $USER/bin how does the shell interpret this? It will call upon the
$USER declaration. This is not a configurable option. I can't just go into
my .profile and alter my $USER declaration to make me root. It regardless
won't give me any more permissions. It is all based off the UID.

A user could just compile a "malicious" binary from say "fdisk". And rename it
to "cp". But, how is that any different than calling it like this:

tjones@suse:/tmp> ./cp

It's exactly the same. No difference. I just called upon a malicious binary
from within /tmp. Without any $PATH arguments being checked.

hhmmm.

--
Thomas Jones
Linux-Howtos Administrator
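
An added example, not from the thread or either of its authors, of the point Anders raises above: $USER expands to the login name, so for root the first PATH entry is the relative path root/bin, which the shell searches relative to whatever directory root happens to be in. The POSIX sh script below assumes the login name root and /tmp as the working directory for its demonstration, and audits a PATH value for entries that depend on the current directory.

```shell
#!/bin/sh
# Added example, not from the original thread: shows why "$USER/bin" in root's
# PATH is a relative entry, which directory such an entry is actually searched
# in, and how to audit a PATH value for entries that depend on the cwd.

# Expand the PATH template quoted in the thread for a given login name.
# $USER holds the name ("root"), not a home directory, so the first entry
# becomes "root/bin": no leading "/", hence relative to wherever root is cd'd.
expand_path_template() {
    printf '%s' "$1/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin"
}

# Directory the shell really searches for one PATH entry, given the current
# working directory. Empty entries and "." mean the cwd itself.
searched_dir() {
    cwd="$1"; entry="$2"
    case "$entry" in
        ''|.) printf '%s\n' "$cwd" ;;
        /*)   printf '%s\n' "$entry" ;;
        *)    printf '%s\n' "${cwd%/}/$entry" ;;
    esac
}

# Print every PATH entry that is resolved against the cwd (empty, "." or any
# entry without a leading "/"). Parsed with parameter expansion rather than
# word splitting so that leading, trailing and doubled ":" are all seen.
relative_path_entries() {
    rest="$1:"
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"
        rest="${rest#*:}"
        case "$entry" in
            ''|.) printf '%s\n' "(empty entry = current directory)" ;;
            /*)   ;;
            *)    printf '%s\n' "$entry" ;;
        esac
    done
}

# Number of cwd-dependent entries in a PATH value; 0 means nothing to fix.
count_relative_path_entries() {
    relative_path_entries "$1" | wc -l | tr -d ' '
}

# Demonstration with the thread's setting: user root, cwd /tmp (assumed).
root_path=$(expand_path_template root)
echo "PATH for root: $root_path"
echo "root/bin resolves from /tmp to: $(searched_dir /tmp root/bin)"
echo "cwd-dependent entries: $(count_relative_path_entries "$root_path")"
```

Running the same audit on the real value with `count_relative_path_entries "$PATH"` shows at a glance whether a login shell has any entry that an attacker with a writable directory could satisfy.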
