<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>PATH HOWTO: Security concerns</TITLE>
<LINK HREF="Path-13.html" REL=next>
<LINK HREF="Path-11.html" REL=previous>
<LINK HREF="Path.html#toc12" REL=contents>
</HEAD>
<BODY>
<A HREF="Path-13.html">Next</A>
<A HREF="Path-11.html">Previous</A>
<A HREF="Path.html#toc12">Contents</A>
<HR>
<H2><A NAME="s12">12. Security concerns</A></H2>
<P>
<P>The path is sometimes a big security problem. Exploiting mistakes in
path settings is a very common way to hack into a system. Trojan horse
attacks are easy to mount if a hacker gets root or other users to
execute his versions of commands.
<P>A common mistake in the past (?) was to keep '.' in root's path.
A malicious hacker creates a program named 'ls' in his home directory.
If root then runs
<P>
<BLOCKQUOTE><CODE>
<PRE>
# cd ~hacker
# ls
</PRE>
</CODE></BLOCKQUOTE>
<P>he executes the hacker's ls command.
<P>Indirectly, the same applies to all programs that are executed as
root. None of the important daemon processes should ever execute
anything that some other user can write to. In some systems,
/usr/local/bin is allowed to contain programs with less strict
security screening - it is just removed from the root user's path.
However, if it is known that some daemon executes 'foo' using
path '/usr/local/bin/:...', it may be possible to trick the daemon into
executing '/usr/local/bin/foo' instead of '/bin/foo'. Anybody who can
write to '/usr/local/bin' is then likely able to break into the system.
<P>It is very important to consider the order of the directories in
the path. If /usr/local/bin is before /bin, it is a security risk -
if it is after, it is not possible to override the command /bin/foo
with some localized modification in /usr/local/bin/foo.
<P>In Linux it should be remembered that path evaluation is done at
the operating system call level. Wherever an executable file path is
given, you can give a short name, which is searched for at least in
/bin and /usr/bin, and likely in many other places as well.
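<P>The checks this section implies (no '.' or empty entry in the path,
no path directory that other users can write to, and knowing which
directory wins when two hold the same command name) can be scripted.
The following is an added example, not part of the original HOWTO; the
function names <CODE>candidates</CODE> and <CODE>audit_path</CODE> and
the output format are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a PATH-style string for the mistakes described above.

# candidates NAME PATH_STRING
# Print every executable file called NAME on the path, in search order.
# The first line is what a PATH lookup runs; later lines are shadowed by it.
candidates() (
    rest="$2:"                      # trailing ':' keeps a final empty entry
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -n "$dir" ] || dir=.      # an empty entry means the current directory
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then echo "$dir/$1"; fi
    done
)

# audit_path PATH_STRING
# Print one finding per line; exit status 1 if anything was found, else 0.
audit_path() (
    rest="$1:"; status=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        case $dir in
            ''|.) echo "cwd: entry '$dir' searches the current directory"; status=1; continue ;;
            /*)   ;;
            *)    echo "relative: $dir"; status=1; continue ;;
        esac
        [ -d "$dir" ] || continue
        # -H follows a symlinked entry (e.g. /bin -> usr/bin); -prune keeps
        # find at the directory itself so only its own mode bits are tested.
        if [ -n "$(find -H "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "writable: $dir"; status=1
        fi
        for file in "$dir"/*; do
            [ -f "$file" ] && [ -x "$file" ] || continue
            first=$(candidates "${file##*/}" "$1" | head -n 1)
            [ "$first" -ef "$file" ] && continue    # same file: not shadowed
            echo "shadowed: $file by $first"; status=1
        done
    done
    exit "$status"
)

# Run as a script with one argument to audit that string, e.g. "$PATH".
[ "$#" -eq 0 ] || audit_path "$1"
```

<P>A "shadowed" line is not a fault by itself; it shows which copy of a
command actually runs, which matters most when the winning directory is
also reported as writable.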
<P>
<P>
<HR>
<A HREF="Path-13.html">Next</A>
<A HREF="Path-11.html">Previous</A>
<A HREF="Path.html#toc12">Contents</A>
</BODY>
</HTML>