how to execute an excutable file
2007-02-27 - By Michael Velez
> -----Original Message-----
> From: redhat-install-list-bounces@(protected)
> [mailto:redhat-install-list-bounces@(protected)] On Behalf Of narendra
> Sent: Tuesday, February 27, 2007 5:12 AM
> To: Getting started with Red Hat Linux
> Subject: RE: how to execute an excutable file
>
> Hi,
> why shouldn't current working directory be in the PATH??
>
> Narendra
>
This is more important for the 'root' user as opposed to regular users but I guess one could advise it for all users.
It's to avoid a security risk called a Trojan Horse. A Trojan Horse is an executable that has the same name as a standard Linux/Unix system command but does something completely different.
Say you're in the 'tmp' directory (or any publicly accessible directory) and an unknown user has created a program called 'ifconfig' in that directory. You, as root, would like to execute the 'ifconfig' command while in the tmp directory. If '.' is in the path before /sbin is, you will inadvertently execute the 'ifconfig' command in the tmp directory. That ifconfig command, run as the root user, can do anything it wants, even give root permissions to any other user.
That is why the 'root' user should only have well-defined system directories in its path, and definitely not directories that are publicly-accessible. Since '.' can point to anything, it should never be in the path.
Variants of this idea can also apply to all users.
Michael
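
An added example, not part of the message above: a POSIX shell function that checks a search path for the entries the reply warns about ('.' and publicly writable directories). It goes slightly further and also flags empty and relative entries, which likewise resolve against the current directory. The name `audit_path` and the sample path are constructed for illustration.

```sh
#!/bin/sh
# audit_path PATHSTRING
# Prints one line per risky entry in a colon-separated search path and
# returns non-zero if any were found. The body runs in a subshell, so the
# caller's variables are not touched.
audit_path() (
    rest="$1:"   # trailing ':' so the last entry is terminated like the others
    n=0
    bad=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        n=$((n + 1))
        case $entry in
            '') why="empty entry, which the shell treats as the current directory" ;;
            .)  why="'.' is the current directory" ;;
            /*) why=
                # Absolute path: flag it if any user may create files there.
                # Character 9 of the 'ls -l' mode string is the "other" write bit.
                if [ -d "$entry" ] &&
                   [ "$(ls -ldL "$entry" | cut -c9)" = w ]; then
                    why="world-writable directory"
                fi ;;
            *)  why="relative path, resolved against the current directory" ;;
        esac
        if [ -n "$why" ]; then
            printf 'entry %d (%s): %s\n' "$n" "$entry" "$why"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample: '.' ahead of /sbin, as in the scenario above, plus an
# empty entry ('::') and a relative one.
sample='.:/sbin:/usr/sbin::bin'
audit_path "$sample" || echo "this PATH is not suitable for root"
```

To check a live session, call `audit_path "$PATH"` as the user whose environment is being reviewed.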