LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
LinkBack Search this Thread
Old 05-27-2005, 09:31 PM   #1
nadroj
Senior Member
 
Registered: Jan 2005
Location: Canada
Distribution: ubuntu
Posts: 2,539

Rep: Reputation: 58
question about putting pwd in $PATH


i have a question about something i read in my linux book.. ill type out a quote from it:
Quote:
Configuring to have the current directory set in your path does involve some risk if a hacker gains access to your account while you are logged in. For example, a hacker might gain access through an open port (communication path in a network protocol). If you choose to put your current working directory in the PATH variable, be certain you have secured access to your account, such as through closing unused ports.
i cant seem to comprehend it; why is it a threat? The example used in the book i think was (as i closed it just now and am really lazy ) "PATH=$PATH:."

could someone explain briefly how this could be a threat/exploited? also include your ip address, any opened ports and username + passwd please. thanks
..haha.. ok, jk about that.. but really, just wondering how this could be a threat?
thanks.

also, right when the above example command is executed, the . (dot) is read by the shell and immediately replaced with the current directory/pwd THEN saved in the path environment variable, right? like, if i use the above command then cd to someplace else, my now pwd isnt in the path variable right? ya.. ok i assume thast right, nevermind heh.

i wont ever be trying this command, i dont see myself ever finding any use for it, but i just read it last night and was wondering, thats all

Last edited by nadroj; 05-27-2005 at 09:33 PM.
 
Old 05-27-2005, 11:01 PM   #2
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
I can see a threat if the hacked program/service wasn't chroot'd, because they would then know the present working directory, but being jailed would "jail" them into the chroot and shouldn't allow them out of it.

Other than that, I don't really understand the paragraph you quoted to be any more of a threat than normal.
 
Old 05-28-2005, 12:00 AM   #3
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 3,995

Rep: Reputation: 261Reputation: 261Reputation: 261
In theory, an attacker may trick you into running a different binary than you think you were running, but if . is the last entry in your PATH then the risk is negligible. But if . is the first entry, it can be very dangerous (the following is a true story I read somewhere):

A sysadmin at a site had . as the first entry in root's PATH. One day a user asked him to delete a file beginning with a dash in /tmp (feigning cluelessness). The sysadmin su'ed to root and proceeded to do so. After that the "clueless user" had root. How? He had put a shell script namred "rm" in /tmp. The admin had done cd /tmp and then rm <whatever>. But since . was the first PATH entry, the command executed was not /bin/rm, but /tmp/rm. And /tmp/rm was a shell script that created and copied a SETUID shell into the user's home directory and then called the "real" rm to delete itself and the file in question, so the admin never suspected a thing.

A remote attacker could do the same thing, but really in your case the risk is quite negligible and ports and network services have nothing really to do with it at all other than to give a malicious person who would not normally have access to the system access.
 
Old 05-28-2005, 06:53 AM   #4
mohit dhawan
Member
 
Registered: Mar 2005
Posts: 92

Rep: Reputation: 15
yes that is what i would have said
 
Old 05-30-2005, 04:00 PM   #5
jonaskoelker
Senior Member
 
Registered: Jul 2004
Location: Denmark
Distribution: Ubuntu, Debian
Posts: 1,524

Rep: Reputation: 46
I agree that the risk is negligible (but when it's exploited, it *really* hurts).

The other argument against is standards-compliance; the norm (afaik) is to not have . in $PATH--at the very least it won't hurt being used to not having . in $PATH, but if you grow too attached to it and it gets taken away from you (umm... company politics), you'll get pissed.

(hmm... I argue for following standards for the sake of not being used to something not available; yet I use the dvorak keyboard layout... standards -> good; double standards -> double good)

--Jonas
 
Old 05-30-2005, 04:34 PM   #6
nadroj
Senior Member
 
Registered: Jan 2005
Location: Canada
Distribution: ubuntu
Posts: 2,539

Original Poster
Rep: Reputation: 58
hmm.. alright, ok i guess it makes sense.. the book doesnt do a good job at explaining or going into any details about anything *nix related for roughly 95% of the content.. oh well i had to buy it for a class anyway, just wish it was actually worth reading even after i finished the course.
sure are some really tricky/very smart people out there to think of stuff like that though, good trick.. but evil, lol.
still, kudos to someone who thinks of something like that.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PATH question satimis Linux From Scratch 5 09-15-2005 10:23 AM
reset pwd to root's current pwd? ataraktos2 Linux - General 10 04-26-2005 04:13 AM
PWD question : Current dir not full path facets Programming 2 06-09-2004 04:58 AM
question about $PATH SigningiS Linux - Newbie 17 10-27-2003 12:35 PM
Question about PATH? eddielins Linux - General 6 04-02-2001 08:18 AM


All times are GMT -5. The time now is 09:49 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration