Next
Previous
Contents
The path is sometimes a big security problem. It is a very common way
to hack into a system using some mistakes in path settings. It is
easy to make Trojan horse attacks if hacker gets root or other users
to execute his versions of commands.
A common mistake in the past (?) was to keep '.' in the root's path.
Malicious hacker makes program 'ls' in his home directory. If root
makes
# cd ~hacker
# ls
he executes ls command of hacker's.
Indirectly, this same applies to all the programs that are executed as
root. Any of the important daemon processes should never execute
anything that some other user can write into. In some systems,
/usr/local/bin is allowed to contain programs with less strict
security screening - it is just removed from the path of the root
user. However, if it is known that some daemon executes 'foo' using
path '/usr/local/bin/:...', it may be possible to cheat daemon to
execute '/usr/local/bin/foo' instead of '/bin/foo'. Likely anybody
who can write to '/usr/local/bin' is able to break into the system.
It is very important to consider in what order the directories are in
the path. If /usr/local/bin is before /bin, it is a security risk -
if it is after, it is not possible to overwrite command /bin/foo with
some localized modification in /usr/local/bin/foo.
In Linux it should be remembered that the path evaluation is done in
the operating system call level. Everywhere where an executable file
path is given you can give a short name that is searched at least from
/bin and /usr/bin - likely from many other places as well.
Next
Previous
Contents
| 
Free eBook: 
