Classic Unix Security Problems
Say that they type this:
cp foo /etc/bar
Their shell searches for the cp command
It does this by searching the directories in their PATH variable
Typical PATH:
.:/home/mjd/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/games:/sbin:/usr/sbin:/usr/local/bin/X11R6:/usr/local/bin/mh:/data/mysql/bin:/usr/local/bin/pbm:/usr/local/bin/ezmlm:/home/mjd/TPI/bin:/usr/local/teTeX/bin:/usr/local/mysql/bin:/usr/local/bin:/usr/local/bin
Note the "." at the beginning
This is an incredibly bad move
I can place my own cp program in /tmp, say
If root runs cp foo /etc/bar while in /tmp, they are running /tmp/cp
Not the real cp
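A defensive check for the problem above, as an added example that is not part of the original slides: a POSIX shell function, here named audit_path (a name chosen for this example), that flags PATH entries which are relative (such as "."), empty, or world-writable (such as /tmp). It goes slightly beyond the slide by also flagging empty entries, which the shell treats the same as ".".

```shell
#!/bin/sh
# audit_path PATHSTRING   (typical use: audit_path "$PATH")
# Prints one line per unsafe entry. Returns 1 if any were found, else 0.
audit_path() {
    path_value=$1
    status=0

    # A leading, trailing or doubled colon is an empty entry, and the
    # shell searches the current directory for it, just as for ".".
    case $path_value in
        :*|*:|*::*)
            echo "empty entry (same as current directory)"
            status=1 ;;
    esac

    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ':'
    for dir in $path_value; do
        case $dir in
            "") ;;              # empty entries were reported above
            /*)
                # Absolute entry: unsafe if any user can create files in
                # it. -H follows a symlinked entry (e.g. /bin -> usr/bin)
                # so the target directory's mode is tested, not the link's.
                if [ -d "$dir" ] &&
                   [ -n "$(find -H "$dir" -prune -perm -0002 2>/dev/null)" ]
                then
                    echo "world-writable: $dir"
                    status=1
                fi ;;
            *)
                # ".", "..", "bin", ...: resolved against whatever
                # directory the user happens to be in.
                echo "relative entry: $dir"
                status=1 ;;
        esac
    done
    set +f
    IFS=$old_ifs
    return $status
}
```

Run it against root's PATH in particular: audit_path "$PATH" should print nothing and return 0.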
Copyright © 2005 M. J. Dominus