LinuxQuestions.org
Old 05-03-2005, 08:54 PM   #1
Intimidator
PATH & chmod


hey

I did the following:
Code:
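 $ cp /usr/bin/talk ~/bin/        # copy the binary as a normal user
 $ su -
 # chmod 700 /usr/bin/talk        # as root: remove access for group and others
 # logout
 $ export PATH=~/bin:$PATH        # back as the normal user
 $ talk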
It worked.

=> It is possible for normal users to copy programs from other systems to their ~/bin/ directory. I mean the programs for which they don't have permission to execute in /usr/bin or /usr/local/bin.

We can execute any program this way.

I came to know that the only way to stop this hack is to deny normal users permission to change the PATH environment variable.

Any more suggestions for root?







Last edited by Intimidator; 05-03-2005 at 09:03 PM.
 
Old 05-03-2005, 10:13 PM   #2
btmiller
Yes, users can copy any executable they have read permission on to anywhere they have write permission. So they can copy binaries from other systems, which may or may not run depending on library versions etc. You can use a restricted shell (which does prevent changing the $PATH and forbids users from simply specifying the full path to commands) as one way around this. You could also confine users to a chroot jail missing many libraries (I do this on one system).
 
Old 05-03-2005, 10:30 PM   #3
Intimidator
Original Poster
Thanks for that.

http://www.justlinux.com/forum/showt...hreadid=139717

The above link gave me a partial solution.

Any more suggestions?
 
Old 05-04-2005, 12:33 AM   #4
Matir
Or you could just make sure anywhere a user has write permission to is mounted noexec. (Done on my server). If you want a user to not be able to copy a binary, remove read permission. On a server at my school where we turn in programming assignments, the turnin program has rwx--x--x permissions... probably intended to keep students such as myself from running "strings" on it, disassembling it, etc. I have to see what strace would do... probably not work either. GDB won't.
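
Added example (not part of the original posts): a shell check for the noexec suggestion above. It reads text in /proc/mounts format and reports each user-writable directory whose containing filesystem is not mounted noexec; the directory list, the function names and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Directories normal users can usually write to (assumption; adjust per system).
USER_WRITABLE="/home /tmp /var/tmp /dev/shm"

# check_noexec: read mounts-format lines on stdin
#   (device mountpoint fstype options dump pass)
# and print "<dir> on <mountpoint>" for every directory in USER_WRITABLE
# whose containing filesystem lacks the noexec option.
check_noexec() {
    awk -v dirs="$USER_WRITABLE" '
    { opts[$2] = $4 }            # a later mount on the same point wins
    END {
        n = split(dirs, d, " ")
        for (i = 1; i <= n; i++) {
            best = ""
            # The longest mount point that is a path prefix of the directory
            # is the filesystem the directory actually lives on.
            for (m in opts)
                if (m == d[i] || m == "/" || index(d[i], m "/") == 1)
                    if (length(m) > length(best)) best = m
            if (best != "" && ("," opts[best] ",") !~ /,noexec,/)
                print d[i], "on", best
        }
    }'
}

# Constructed sample mount table: /home has its own filesystem without
# noexec, and /var/tmp has no mount of its own, so it inherits the options of /.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}

# Report on the constructed sample. On a live system run:
#   check_noexec < /proc/mounts
sample_mounts | check_noexec
```

A directory that is not a mount point of its own is judged by the filesystem that contains it, which is why /var/tmp is reported against / in the sample.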
 
  

