
Re: PATH q'n



On Tue, Feb 26, 2002 at 04:44:21PM +0000, Yuri K wrote:

> Hello all,
>
> Why does ~/bin go first in the PATH? Is not this insecure?

Not if you `chmod 700 ~/bin`.

It should be  at the front of  your $PATH so you  can override the
system defaults. Put the GNU ``ls'' in  your ~/bin and you can use
it  as you  would expect  without disturbing  anybody else  on the
system. Depending  on your  shell,  it's a  viable alternative  to
``alias'' for making sure, for example, that ``ls'' is always ``ls
-F''.

What *is* insecure, and what you  might be confusing this with, is
having ``.'' *anywhere*  in your path, especially  at the front. A
malicious  attacker could  put  an ``ls''  in  a directory  that's
really a trojan. When you cd'd to that directory and did an ls, it
would  emulate an  ls (and  perhaps  the entire  shell), hide  its
presence, and do its nasty  stuff with your privileges. And if you
did that ls while su'd  to root...well, that's just another reason
to use sudo.

But if you're  the only one with write access  to your ~/bin, then
you're the  only one who  can plant surprises for  yourself (like,
perhaps, forgetting  to capitalize  that -F). Except for  root, of
course, in which case you're already hosed.

> --
> Best regards,
>  Yuri

Yours,

b&

--
Ben Goren
 mailto:ben@trumpetpower.com
 http://www.trumpetpower.com/
 icbm:33o25'37"N_111o57'32"W
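
Added example, not part of the original message: a POSIX shell function that audits a PATH string for the two conditions discussed above, namely entries that resolve to the current directory ('.', empty or relative) and directories that someone other than you or root can write to. The function name audit_path and its output labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a PATH string for
# current-directory entries and for directories other users can write to.
# Prints one finding per line; returns non-zero if anything was flagged.
audit_path() {
    rest="$1:"          # trailing ':' lets the loop see a final empty entry
    findings=0
    me=$(id -u)
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            ''|.)
                # An empty entry (leading, trailing or doubled ':') means
                # the current directory, exactly like '.'.
                echo "CWD: entry '$entry' searches the current directory"
                findings=$((findings + 1)); continue ;;
            /*) ;;
            *)
                echo "RELATIVE: '$entry' depends on the current directory"
                findings=$((findings + 1)); continue ;;
        esac
        [ -d "$entry" ] || continue
        # -L follows symlinks such as /bin -> usr/bin; -n prints numeric uid.
        meta=$(ls -ldLn "$entry" 2>/dev/null | awk '{print $1 ":" $3}')
        [ -n "$meta" ] || continue
        perms=${meta%%:*}
        owner=${meta#*:}
        case $perms in
            ?????w*|????????w*)   # group-write is char 6, other-write char 9
                echo "WRITABLE: $entry is group/other-writable ($perms)"
                findings=$((findings + 1)) ;;
        esac
        if [ "$owner" != "$me" ] && [ "$owner" != 0 ]; then
            echo "OWNER: $entry is owned by uid $owner, not you or root"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Audit the PATH of the shell running this script.
audit_path "$PATH" || true
```

A ~/bin that has been set to mode 700 and is owned by you passes silently, wherever it sits in the PATH.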
