Re: Weird situation



On 14 Dec 2006, in the Usenet newsgroup comp.os.linux.security, in article
<1166103989.939017.4900@xxxxxxxxxxxxxxxxxxxxxxxxxxx>, Andy C.(never #) wrote:

s. keeling wrote:
Matt Hayden <aquacraft.com>:
Matt Hayden wrote:

SNIP

First, thanks for your replies. You confirm my concerns.

Brief explanation WHY the dot in the path is considered bad.

UNIX is a multi-user operating system, originally run on mainframe type
computers with the multiple users setting at dumb terminals (a display
of some kind and a keyboard). Users are given limited access, such
that they can't alter system binaries, configuration files, and the like.
This access is controlled by permission masks and group ownership.

The 'dot' in the PATH (giving direct command access to the current
directory) is a problem where untrustworthy users have 'write' and
'chmod' access. In the distant past, this was a bunch of students
having access to a common directory. It was great fun to create
a script that erases the victim's home directory. Ha, Ha, Ha. Lacking
the dot in the PATH merely means that the prankster has to convince the
victim to run './ls' rather than 'ls' to have the same result.

Some feel that it's safer to have the 'dot' at the end of the PATH,
rather than somewhere else. While this may be slightly safer, this is
only the case if you don't make 'typ0grafical' errors. I'm sure you
_never_ typed 'ls-l' or 'mroe' or similar, right?

Part one of the common solution is to not have the 'dot' in the PATH.
Another part of the solution is to type the full path to any command.
This is especially important for users with elevated privilege, like
root. Good training stresses that any script should set the PATH to
explicit values - if you are paranoid, you also flush the ENVIRONMENT
and disable aliases.

Why does windoze default to having 'dot' in the PATH? Remember that
windoze is at it's soul a single user, single tasking system with a
heritage from DOS 1.0 running on a single floppy. Different philosophy
entirely.

But, wait, there's more:

If you call within the next ten minutes....

I noticed on one of the production boxes that there were quite a few
"hidden" perl scripts(period first character in file name) and these
boxes have partions that are mounted to windows machines via NFS. I
asked one of the brain trust why they were doing that when a windows
user can see those files because a period in the first position of the
file name doesn't mean anything to windows explorer. The answer was
along the lines that when someone ftp's into those boxes, they don't
want them to see those scripts and accidentally run them.

FTP doesn't allow execution of files, unless you've jumped through
hoops to allow a 'site exec' command.

I blurted out "do you know what chroot does?"

Ummm...

and then I said "Wait a minute, are you talking about regular old ftp?"
and he said "Yeah." with a "so what" kind of voice.

If you are comparing this to a secure shell type of file transfer, the
difference is mainly that the authentication is passed as plain text
over the wire. In a switched network environment, this is a lot less
risky than the old 'party-line' style non-switched network where any
host can sniff all of the traffic. But the question is what kind of
FTP access? Anonymous downloads? Privileged users uploading executables?
There is a bit of a difference in risk. What is the clientele like?
Mischevious kids? Clueless users who have to have crib notes to find the
power switch?

I walked away. Now, I think I need to be looking for another job.

I can see your concern (and I don't disagree with it), but we're a bit
short of the details to gauge if this is just the everyday disaster
waiting to happen, or something where your head will roll when someone
else screws up and mistypes something (intentionally or not).

Old guy
.



Relevant Pages

  • Re: Magdalenian (year seven)
    ... The dot were added to ... it goes back to the Nabataean script, which is a form of Aramaic ... next door neighbor - Old South Arabic) was a sibilant. ... Modern South Arabian has a three sibilant sytem as ...
    (sci.lang)
  • Re: Magdalenian (year seven)
    ... it goes back to the Nabataean script, which is a form of Aramaic ... two dot and the one proto-Semitic consonant lost (but not in Arabic's ... next door neighbor - Old South Arabic) was a sibilant. ... Modern South Arabian has a three sibilant sytem as ...
    (sci.lang)
  • Re: Display korn shell script interactively
    ... I have a ksh shell script which calls another ... cursor position at the place and display one line below it as ... Please wait " with a dot moving from one end to other ... ment is to call the command and while it is processing i need to ...
    (comp.unix.shell)
  • Re: Display korn shell script interactively
    ... I have a ksh shell script which calls another ... cursor position at the place and display one line below it as ... Please wait " with a dot moving from one end to other ... ment is to call the command and while it is processing i need to ...
    (comp.unix.shell)
  • Re: [opensuse] Need some help with a script
    ... Need some help with a script ... arcane and tortured hypothetical scenarios beggar belief. ... Without dot in path, they can't. ... generally ensures somehow that the various commands ...
    (SuSE)