Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!decvax!harpo!floyd!whuxlb!pyuxll!eisx!npoiv!npois!hogpc!houxm!hocda!spanky!burl!duke!mcnc!ncsu!fostel From: fostel@ncsu.UUCP Newsgroups: net.unix-wizards Subject: Re:Security and PATH Message-ID: <2256@ncsu.UUCP> Date: Tue, 2-Aug-83 12:55:12 EDT Article-I.D.: ncsu.2256 Posted: Tue Aug 2 12:55:12 1983 Date-Received: Wed, 3-Aug-83 20:52:51 EDT Lines: 27 For all of those who think that the SU is the only one who needs to have ./ removed from the head of the search list -- think again. If YOU have it on yours then I can trap you. So I can do things like run a secret command which will build me a setuid shell with YOU the U in the UID. Now I will know where it is, so I can become you anytime I want. Quite right, that may be bad for you, but not for SU and the system at large. Wrong again. I have never seen a UNIX where there were not a variaty of VERY INTERESTING things could be done if only one could get the permissions of one of the maintenance groups, sometimes called "bin" or "admin" or "sys" or or or. So, since You dear potential superuser are probably a member of those groups, I will now be able to do work in those very enticing groups. In a matter of 10-15 minutes, I will have found the file I need, the precise one varies, which is writable to that onderful group and which allows me to either become SU or set a wonderful trapdoor to allow myself to become one in a matter or a day or so at most. Sooooo, if you are one of the potential SU's (and you probably are if you are reading this) then Y-O-U need to take the ./ off your search path before I come and raid your system. Or someone with more malicious intent. My appologies to those who think this stuff should not be spoken openly, but this one is so simple to fix that everyone will dash out right away and fix their PATH's. RIGHT? Well you ought'a. ----GaryFostel----