| Next | Classic Unix Security Problems | 21 |
So people got the advice to move . to the end of the PATH
This helps, but not enough
Suppose root is trying to type this:
ls /foo
But mistypes this instead:
sl /foo
And I have installed my evil program in /tmp/sl
There is no other sl program anywhere on root's path
So they have just run /tmp/sl
| Next | |
Copyright © 2005 M. J. Dominus |