I have an upcoming test and looking at past years they always ask a similar question. Basically the security hole that would be created by setting something like:

PATH=".:/bin:/usr/bin"

I get that PATH determines the absolute directories to be searched for the executable when the user calls a command such as "ls". I'm just not sure what behavior the above would cause.

It seems that it would first check the current directory (based on the '.') for a "/bin" directory and then move on to the absolute directory "/usr/bin" if there isn't one. The issue being that if a user called "ls" and an attacker had created a "/bin" in the current directory, it could contain a version of ls that for instance deletes a bunch of files.

Is this on the right track or am I misunderstanding the PATH notation?

1 Answer

PATH=".:/bin:/usr/bin"

You are misunderstanding the notation: the colons are separators, so this will check in the following places (in order):

  1. "." the current directory
  2. "/bin" typically the place where critical binaries are stored
  3. "/usr/bin" typically the place where less critical binaries are stored

Having "/bin" and "/usr/bin" on the path is perfectly normal.

Having "." on the path, especially as the first place to search, is dangerous because the current directory will often be a directory that can be written by one or more other users. Those users can create files in the directory which you are likely to inadvertently execute (for example by creating a file called "ls"), giving them the ability to get their code executed by your user.

Peter Green
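
The lookup order described in the answer, as an added example that is not part of the original answer: a POSIX shell sketch that splits a PATH string the way the shell does, flags entries whose contents another user may control, and reports which file a search would select without running it. The function names `split_path`, `audit_path` and `resolve_cmd` are hypothetical. It goes slightly beyond the "." case by also flagging empty entries (which the shell likewise treats as the current directory), other relative entries, and world-writable directories.

```shell
#!/bin/sh
# split_path PATHSTRING: print one entry per line, in search order. An empty
# entry (leading, trailing or doubled colon) is printed as ".", because the
# shell searches the current directory for it.
split_path() (
    rest="$1:"                  # sentinel colon exposes a trailing empty entry
    while [ -n "$rest" ]; do
        entry=${rest%%:*}; rest=${rest#*:}
        printf '%s\n' "${entry:-.}"
    done
)

# audit_path PATHSTRING: print "<position> <reason> <entry>" for every entry
# whose contents another user may control. Status 0 = nothing found, 1 = findings.
audit_path() (
    pos=0
    findings=$(split_path "$1" | while IFS= read -r entry; do
        pos=$((pos + 1))
        case $entry in
            /*) # absolute, but unsafe if any user may create files in it
                [ -z "$(find -H "$entry" -prune -perm -0002 2>/dev/null)" ] ||
                    echo "$pos world-writable $entry" ;;
            *)  echo "$pos relative-to-cwd $entry" ;;
        esac
    done)
    [ -z "$findings" ] || { echo "$findings"; false; }
)

# resolve_cmd CMD PATHSTRING: print the file a PATH search started in the
# current directory would select for CMD (first executable match wins).
# It only tests files; it never runs them.
resolve_cmd() (
    split_path "$2" | while IFS= read -r entry; do
        if [ -f "$entry/$1" ] && [ -x "$entry/$1" ]; then
            printf '%s\n' "$entry/$1"; break
        fi
    done
)

# The PATH from the question, then the same PATH without ".".
audit_path ".:/bin:/usr/bin" || true
resolve_cmd ls ".:/bin:/usr/bin"
if audit_path "/bin:/usr/bin"; then echo "no risky entries"; fi
```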