Dotan Cohen wrote:
> 2009/1/13 Daryl Styrk <darylst...@gmail.com>:
>> Mike Castle wrote:
>>> On Tue, Jan 13, 2009 at 8:15 AM, Dotan Cohen <dotanco...@gmail.com> wrote:
>>>> Put the new bin BEFORE the old path.
>>> Huh?  Why?
>> According to "Learning the BASH Shell" by Cameron Newham and Bill
>> Rosenblatt  it is dangerous to have personal bin directory listed before
>> the public bin directories.
>>
>> I have no idea what the policy is for quoting excerpts from a book so
>> I've chosen to leave it out.  If it's ok, I'll be happy to give up the
>> couple of lines.
>>
> 
> The first path with a matching name will be used. So if you have the
> systemwide /usr/bin/firefox and your own personal ~/bin/firefox you
> _must_ have your personal bin listed first in the path to get run.
> 
> Why is that dangerous? Because if your account is compromised then
> critical system programs (ls, cd, and the like) can be easily replaced
> with compromised versions. Putting your own bin at the end of the path
> is meant to thwart this.
> 
>> I have no idea what the policy is for quoting excerpts from a book so
>> I've chosen to leave it out.  If it's ok, I'll be happy to give up the
>> couple of lines.
>>
> 
> Fair use: pretty much if you can type it out in a few lines it's fair game.
> 



"This is unsafe because you are trusting that your own version of the
more command works properly. But it is also risky for a more important
reason: system security. If your PATH is set up in this way, you leave
open a "hole" that is well known to computer crackers and mischief
makers: they can install "Trojan horses" and do other things to steal
files or do damage."

There is a scenario that goes on to detail how a user with a suid script
and a personal bin directory listed before a public bin can be attacked:
a Trojan is created that looks like a common utility such as grep.

The example script (quoted from the book, one command per line):

    cp /bin/bash filename    # copy the shell to a file the attacker controls
    chown root filename      # needs root, which the suid script supplies
    chmod 4755 filename      # set-uid root: the copy is now a root shell
    /bin/grep "$@"           # run the real grep so the user sees nothing odd
    rm ~/bin/grep            # remove the Trojan

"Sits back and waits for the user to run the suid shell script—which
calls the Trojan horse, which in turn creates the suid shell and then
self-destructs."

If you have the book, I'm looking at chapter 10, section 10.3.2 to be exact.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
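The two hazards the thread describes (a personal bin ahead of the system directories, and a PATH entry that someone else can write to) are easy to audit for. The script below is an added example, not code from the list post or from the book it quotes. It assumes only a POSIX shell, mktemp and ls, and builds its own constructed fixture (a fake usr/bin and home/bin under a temporary directory, with an inert planted "grep") so it runs offline; the directory names and the "shadowed"/"writable by others" output format are this example's own.

```shell
#!/bin/sh
# Added example (not from the list post or the book). Audits a PATH string for:
#   1. commands in an EARLIER PATH entry that hide a same-named command in a
#      LATER entry (a personal ~/bin/grep in front of /bin/grep), and
#   2. PATH entries that are relative, or group-/world-writable, i.e. places
#      where a Trojan could be dropped without the account itself being taken.
# The fixture is constructed with mktemp; the fake "grep" in it only echoes.

# find_shadowed PATHSTRING
# Walks the entries in order, remembering the ones already seen. Any
# executable in the current entry whose name also exists in an earlier entry
# is reported: the earlier copy is the one the shell will actually run.
find_shadowed() {
    earlier=""
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r dir; do
        [ -n "$dir" ] && [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            printf '%s\n' "$earlier" | tr ':' '\n' | while IFS= read -r e; do
                [ -n "$e" ] || continue
                if [ -x "$e/$name" ]; then
                    printf 'shadowed: %s/%s hides %s\n' "$e" "$name" "$f"
                fi
            done
        done
        earlier="$earlier$dir:"
    done
}

# writable_entries PATHSTRING
# Reports entries that are relative (an empty entry means the current
# directory) or whose directory is group- or world-writable.
writable_entries() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r dir; do
        case "$dir" in
            /*) ;;
            *)  printf 'relative entry in PATH: "%s"\n' "$dir"; continue ;;
        esac
        [ -d "$dir" ] || continue
        perm=$(ls -ld "$dir" | cut -c1-10)     # e.g. drwxrwxrwx
        case "$perm" in
            # char 6 is group write, char 9 is other write
            d????w*|d???????w?) printf 'writable by others: %s (%s)\n' "$dir" "$perm" ;;
        esac
    done
}

# setup_fixture
# Constructed sample input: a throwaway tree mimicking a user whose PATH puts
# ~/bin ahead of /usr/bin, with a planted grep in ~/bin. Prints the tree root.
setup_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/home/bin" "$root/usr/bin"
    for c in grep ls cat; do
        printf '#!/bin/sh\necho "real %s"\n' "$c" > "$root/usr/bin/$c"
        chmod 755 "$root/usr/bin/$c"
    done
    # the planted Trojan stand-in: inert, it only announces itself
    printf '#!/bin/sh\necho "planted grep"\n' > "$root/home/bin/grep"
    chmod 755 "$root/home/bin/grep"
    chmod 755 "$root/usr/bin"
    chmod 777 "$root/home/bin"    # worst case: anyone can drop files here
    printf '%s\n' "$root"
}

# demo on the constructed fixture
fx=$(setup_fixture)
echo "== personal bin first (the ordering the book warns about) =="
find_shadowed "$fx/home/bin:$fx/usr/bin"
writable_entries "$fx/home/bin:$fx/usr/bin"
echo "== personal bin last =="
find_shadowed "$fx/usr/bin:$fx/home/bin"
rm -rf "$fx"
```

On a real account, replace the fixture with `find_shadowed "$PATH"` and `writable_entries "$PATH"`. A "hides" line whose right-hand side is under /bin or /usr/bin is exactly the case the book warns about; a "writable by others" or "relative entry" line is where a planted grep could come from even without the account being compromised.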
