Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1a 7/7/83; site rlgvax.UUCP
Path: utzoo!linus!philabs!seismo!rlgvax!guy
From: guy@rlgvax.UUCP
Newsgroups: net.unix-wizards
Subject: Re: Security and $PATH
Message-ID: <939@rlgvax.UUCP>
Date: Mon, 1-Aug-83 04:28:27 EDT
Article-I.D.: rlgvax.939
Posted: Mon Aug  1 04:28:27 1983
Date-Received: Mon, 1-Aug-83 22:46:36 EDT
References: <396@houxq.UUCP>
Organization: CCI Office Systems Group, Reston, VA
Lines: 32


	On the UNIX systems I am familiar with (running USG 5.0), the PATH
	variable is set, both in /etc/profile and in login, to begin with a
	':', meaning that the current directory is the first directory to be
	searched.

	It seems to me that this is a significant security hole, because it
	means that a user can set a booby trap by writing a shell that has
	the same name as a common command, but does something significantly
	different.

	Is it a common practice to have the default PATH begin with a ':'?
	Is there a real good reason to make this the default?

Yes, it is an almost universal practice.  However, all USG systems I know
about DO protect the superuser; the default PATH for "root" is
/bin:/etc:/usr/bin (or some permutation thereof).  I find it a pain when "root"
to have to say "./xxx" to run a test version of the program "xxx" (for obscure
reasons I do most development work on our System III systems as "root"), but
I have gotten into the habit of saying "./xxx".  There is a good reason to
make it the default; people are used to it.  If somebody feels like being very
security-conscious I feel it is THEIR responsibility to change their PATH.
I suspect it's somewhat of an issue like compulsory seat-belt laws or helmet
laws; some feel it is a person's responsibility to protect themselves and some
feel this protection should be required whether the person wants it or not.
(No flames please, this is NOT a statement of my views on seat-belt or helmet
laws.)  As such, I guess it's really up to the system administrator; you
can always hack "/etc/profile", and anybody who doesn't like the PATH they've
been given can always replace it in their ".profile" anyway.

	Guy Harris
	{seismo,mcnc,we13,brl-bmd,allegra}!rlgvax!guy
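
An added example, not part of the original post: a POSIX shell check for the condition discussed above, a PATH whose leading ':' (or any other empty, "." or relative component) puts the current directory into command search. The function names are hypothetical, and the user-default sample string is constructed from the description in the quoted text; the root PATH is the one quoted in the reply.

```shell
#!/bin/sh
# Added example (not from the original post): find PATH components that
# make the shell search the current directory.

# path_cwd_entries PATHSTRING
# Prints "<position> <kind>" for each risky component. Kinds:
#   empty    - zero-length component (leading, trailing or doubled ':'),
#              which the shell treats as the current directory
#   dot      - a literal "."
#   relative - any other component that does not start with "/"
path_cwd_entries() (
    rest="$1:"      # extra ':' so a trailing empty component is still seen
    pos=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ':'
        rest=${rest#*:}     # text after the first ':'
        pos=$((pos + 1))
        case $entry in
            '') echo "$pos empty" ;;
            .)  echo "$pos dot" ;;
            /*) ;;
            *)  echo "$pos relative" ;;
        esac
    done
)

# path_strip_cwd PATHSTRING
# Prints PATHSTRING with only its absolute components, order preserved.
path_strip_cwd() (
    rest="$1:"
    out=
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            /*) out=${out:+$out:}$entry ;;
        esac
    done
    printf '%s\n' "$out"
)

# Constructed samples: a default starting with ':' as described in the
# post, and the root default it quotes.
for sample in ':/bin:/usr/bin' '/bin:/etc:/usr/bin'; do
    echo "PATH=$sample"
    path_cwd_entries "$sample" | sed 's/^/  risky component: /'
    echo "  absolute-only: $(path_strip_cwd "$sample")"
done
```

With the stripped PATH, a program in the current directory has to be run as "./xxx", which is the root behaviour the reply describes.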