
Re: Help to execute C Program Outputs... and some more



Hello,

This is a followup post about executing programs in the current directory.
This post highlights the dangers in careless PATH handling in unix and also
highlights the differences between DOS and UNIX PATH handling. This is off topic,
but I think that it's worth mentioning.

The DOS shell (command.com) searches for the named program in the current dir
first. Failing that, it searches through the PATH environ variable until it
finds the required program and the first match is used.

Unix shells search only in the dirs listed in the PATH variable. They do not
make any assumptions about the current dir. This is with good reason.

Say the unix shell executed programs from the current dir first (like DOS), and
you changed to my home dir (cd ~username) and tried to list its contents
(ls). If I had an executable named ls in this dir you would end up running my
ls instead of the system /bin/ls program. My ls program could make a copy of
your shell to some hidden location and make it set uid (and I have hacked your
account). After all this, it can list the dir contents as usual (skipping my
trojan ls of course) and you would notice nothing unusual.

The standard practice is therefore never to include the current dir in the
PATH. Use ./prog to run programs in the current dir.

For those security minded sys admins the PATH must be set up as follows:

1) User's bin dir (if it exists) eg. ~/bin
2) Site local bin dirs eg. /usr/local/bin
3) System bin dirs eg. /usr/bin, /bin, etc

4) Current dir. Optional... You should not be doing this.

You should end up with something like...
PATH=/home/user/bin:/usr/local/bin:/usr/bin:/bin
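As an added example (not part of the original post), here is a POSIX sh function that audits a PATH value for the pitfalls described above: an explicit "." entry, a relative entry, and the empty element (a leading or trailing ":" or a "::") that shells also treat as the current dir. The function name audit_path and the sample PATH values are my own.

```shell
#!/bin/sh
# Audit a PATH value for entries that resolve to "the current directory".
# Reports each offending entry with a reason on stdout and returns 1 if
# any were found, 0 if every entry is an absolute directory.
audit_path() {
    path="$1"
    bad=0
    # Append a ":" so the loop also sees a trailing empty element
    # (e.g. "/usr/bin:" means /usr/bin, then the current dir).
    rest="$path:"
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"     # text before the first ":"
        rest="${rest#*:}"       # everything after it
        case "$entry" in
            "")  echo "empty element (shell searches the current dir)"; bad=1 ;;
            .)   echo "explicit '.' entry (current dir)"; bad=1 ;;
            /*)  ;;             # absolute path: fine
            *)   echo "relative entry '$entry' (resolved against the current dir)"; bad=1 ;;
        esac
    done
    return $bad
}

# Usage: pass the PATH to check as the first argument, e.g.  sh audit.sh "$PATH"
[ $# -eq 0 ] || audit_path "$1"
```

A clean result means the dangers described above do not apply to that PATH; a non-zero exit with the printed reasons shows exactly which entry lets a file in the current dir shadow a system program.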

Several documents have been written about this issue... search your favourite
unix security website (securityfocus, cert, rootprompt, etc) on this.

Another tip for unix sys admins which renders such trojan attacks useless is
to mount all user writable filesystems (/home, /tmp, /var) with nosuid and
nodev mount flags. Check man pages for mount, fstab for details.

- Raja Supe

PS:
I should apologise for emailing you all repeatedly. I have woken up on
Monday morning and found that linux in India is flourishing... Linux-india is
great! I was just tempted to help:)