LinuxQuestions.org
Old 03-19-2014, 05:13 PM   #1
HWDPlinux
LQ Newbie
 
Registered: Mar 2014
Posts: 26

Need something explained. (...root's path should never include the current dir...)


Hi guys, new member, sort of new to Linux, have a Cisco IOS background. I have a question about the statement below. I am studying for my LPIC-1 and the following statement is from my book. Specifically, I do not understand what the author means by 'root account should normally have a shorter path' and 'root's path should never include the current directory (./)'.


"The root account should normally have a shorter path than ordinary user accounts. Typically, you’ll omit directories that store GUI and other user-oriented programs from root’s path in order to discourage use of the root account for routine operations, thus minimizing the risk of security breaches related to buggy or compromised binaries being run by root. Most important, root’s path should never include the current directory (./). Placing this directory in root’s path makes it possible for a local miscreant to trick root into running replacements for common programs, such as ls, by having root change into a directory with such a program. Indeed, omitting the current directory from ordinary user paths is also generally a good idea. If this directory must be part of the ordinary user path, it should appear at the end of the path so that the standard programs take precedence over any replacement programs in the current directory."
 
Old 03-19-2014, 05:28 PM   #2
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

It means that in Linux, when typing a command like
Code:
ls
the shell (bash most likely) will search only your PATH environment for that executable.
This means that even if you are in the directory in which an executable resides, you can't execute it just by typing its name. To circumvent this, Linux users usually type
Code:
./name_of_the_executable_file
or
Code:
/full/path/to/executable/file
You can, however, add the current directory to the path by adding ./ (or simply .) in the PATH environment.. However this is very bad practice for root..

Consider that a tricky user made a malicious script that changed the password of the root account (or does any other thing) and named that program cd or ls and put it in his home folder... Then consider a newbie sys-admin that allowed the following PATH for root
Code:
PATH=.:/sbin:/usr/sbin:/bin:/usr/bin
Now, if he ever finds himself in that user's home directory and uses the cd or ls commands, those malicious programs will get executed instead (well, in this exact situation, in a typical system, bash already found cd once in /usr/bin/cd and won't look for it again -- but that's another discussion).

Hope I've cleared things up a little..

Last edited by Smokey_justme; 03-19-2014 at 05:30 PM.
 
1 members found this post helpful.
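
A defensive check for the PATH problem discussed in this thread, added here as an example and not code from any poster; the function name audit_path is made up for illustration. It goes slightly beyond the posts: besides `.` and `./` it also flags empty entries (a leading, trailing or doubled colon), which the shell also treats as the current directory, and any other relative entry.

```shell
#!/bin/sh
# audit_path PATH_STRING   (hypothetical helper name)
# Prints one line per entry that makes the shell search the current
# directory or a directory relative to it. Exit status is 0 when the
# path is clean and 1 when at least one entry was flagged.
audit_path() {
    path_string=$1
    position=0
    findings=0
    # Append a sentinel ':' so a trailing empty entry is not lost and
    # the loop ends once every entry has been consumed.
    rest="${path_string}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ':'
        rest=${rest#*:}     # text after the first ':'
        position=$((position + 1))
        case $entry in
            "")
                echo "entry $position: empty entry (means current directory)"
                findings=$((findings + 1)) ;;
            . | ./)
                echo "entry $position: '$entry' is the current directory"
                findings=$((findings + 1)) ;;
            /*)
                ;;          # absolute directory: nothing to report
            *)
                echo "entry $position: '$entry' is relative to the current directory"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the root PATH quoted in the post above.
audit_path '.:/sbin:/usr/sbin:/bin:/usr/bin' || echo "PATH needs fixing"
```

To check the live value for the account you are logged in as, call `audit_path "$PATH"`.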
Old 03-19-2014, 05:38 PM   #3
HWDPlinux
LQ Newbie
 
Registered: Mar 2014
Posts: 26

Original Poster
Thank you Smokey! Feel confident moving on now. That was exactly what I needed.
 
Old 03-19-2014, 06:47 PM   #4
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Just for the sake of completeness and to avoid mistakes, cd is in any case a shell built-in command, no external command for that exists.
 
1 members found this post helpful.
Old 03-19-2014, 06:52 PM   #5
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Well, if I ever knew that, I completely forgot about it.. Thanks Tobi..
 
  

