[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: Help to execute C Program Outputs... and some more


This is a followup post about executing programs in the current directory.
This post hilights the dangers in careless PATH handling in unix and also
hilights the differences btwn DOS and UNIX PATH handling. This is off topic,
but I think that it's worth mentioning.

The DOS shell (command.com) searches for the named program in the current dir
first. Failing that, it searches through the PATH environ variable until it
finds the required program and the first match is used.

Unix shells search only in the dirs listed in the PATH variable. They do not
make any assumptions about the current dir. This is with good reason.

Say the unix shell executed programs from the current dir first (like DOS), if
you changed to my home dir (cd ~username) and tried to list it's contents
(ls). If I had an executable named ls in this dir you would end up running my
ls instead of the system /bin/ls program. My ls program could make a copy of
your shell to some hidden location and make it set uid (and I have hacked your
account). After all this, it can list the dir contents as usual (skipping my
trojan ls ofcourse) and you would notice nothing unusual.

The standard practice is therefore never to include the current dir in the
PATH. Use ./prog to run progs in the curr dir.

For those security minded sys admins the PATH must be set up as follows:

1) Users bin dir (if exists) eg. ~/bin
2) Site local bin dirs eg. /usr/loca/bin
3) System bin dirs eg. /usr/bin, /bin, etc

4) Current dir. Optional... You should not be doing this.

You should end up with something like...

Several documents have been written about this issue... search your favourite
unix security website (securityfocus, cert, rootprompt, etc) on this.

Another tip for unix sys admins which renders such trojan attacks useless is
to mount all user writable filesystems (/home, /tmp, /var) with nosuid and
nodev mount flags. Check man pages for mount, fstab for details.

- Raja Supe

I should appologise for emailing you all repeatedly. I have woken up on
Monday morning and found that linux in India is flourishing... Linux-india is
great! I was just tempted to help:)