[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why can't I execute a script??

On Thu, 22 Oct 1998, Peter S Galbraith wrote:

 : 
 : "Helge Hafting" wrote:
 : 
 : > You don't have "." in your path, so files are *not* considered executable
 : > just because they are in the *current* directory.
 : > 
 : > This is a security feature.  (Some user could make a nasty script called
 : > "ls"  or similiar in his home directoy.  If you try to look at his files
 : > with ls the nasty script is invoked instead.)
 : >
 : > Ways of solving the problem:
 : > 
 : > 1. Create ~/bin and add that to your path. 
 : >                      This works well and has no security problems.
 :                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 : 
 : If some user is capable of putting a fake `ls' in a random directory where
 : you might trip on it, that user is far more likely to put it in your ~/bin
 : directory!  (Same privileges are required) 

There are still systems where /usr/local is world writable (HP/UX for
one).  The "fake ls in current dir" trick is usually intended to catch
people who are executing ls _in that directory_ (like an admin, for
example)

If your ~/bin directory is writable by anyone other than yourself, you
get what you deserve.

--
Nathan Norman
MidcoNet  410 South Phillips Avenue  Sioux Falls, SD
mailto:finn@midco.net           http://www.midco.net
finger finn@home.midco.net for PGP Key: (0xA33B86E9)
Reply to: