[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: from a.out to running the darned thing.

On Sun, 2005-01-23 at 23:06 -0600, Kent West wrote:
> Travis Crump wrote:
> > I understand . since . could potentially be an insecure directory like 
> > /tmp, but what is wrong with ~/bin?  If an attacker is able to place a 
> > binary in ~/bin doesn't he already have the permissions to do "rm -rf 
> > ~" himself?
> No, "~/bin" is not the same as "/bin". "~/bin" is the current user's 
> directory. Still, I'm not sure that "~/bin" represents a threat, because 

While not a threat to /root, ~/bin:$PATH could be a local threat
to a particular luser.

> the bad guy's "~/bin" won't be in root's path, and the bad guy 
> presumably won't be able to put a bad file in root's "~/bin", which may 
> be what you're saying above.

Ron Johnson, Jr.
Jefferson, LA USA
PGP Key ID 8834C06B I prefer encrypted mail.

"The one function that TV news performs very well is that when
there is no news we give it to you with the same emphasis as if
it were."
David Brinkley

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: