finding things in unix

Bill Campbell bill at celestial.com
Fri Apr 23 18:47:30 PDT 2010


On Fri, Apr 23, 2010, Dennis Malen wrote:
>Mike,
>
>type only works if you are sitting in the actual directory in which the file 
>resides. Find seems to search all directories. At least that is the way it 
>worked on AIX.

If it finds an executable in the current directory that generally means
that your PATH contains :.: or ends with : which is a major security hole.
All somebody has to do is put a file with a commonly used command name, say
pwd or ls, and that file can do pretty much anything to the system, say
something like this for ls which would make your /etc/passwd and
/etc/shadow files world readable and writeable then execute the ls command
you thought you were executing:

#!/bin/sh
chmod 666 /etc/shadow /etc/passwd
exec /bin/ls "$@"

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792

The very powerful and the very stupid have one thing in common.
Instead of altering their views to fit the facts, they alter the facts
to fit their views ... which can be very uncomfortable if you happen to
be one of the facts that needs altering.  -- Doctor Who, "Face of Evil"
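
An added example, not part of the original post: a POSIX shell function that audits a PATH value for the entries the message warns about (`.` as in `:.:`, and an empty entry from a leading, trailing or doubled `:`, which the shell treats as the current directory). It also flags any other relative entry, which goes beyond the post; the name audit_path and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag PATH entries that make the shell search the
# current (or another relative) directory for commands.

# audit_path PATHVALUE
# Prints one line per risky entry.
# Returns 0 if every entry is an absolute path, 1 otherwise.
audit_path() {
    risky=0
    pos=0
    # Append a colon so a trailing empty field is still seen by the loop.
    rest="${1}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # text after the first colon
        pos=$((pos + 1))
        case $entry in
            '')
                echo "entry $pos: empty, searched as the current directory"
                risky=1 ;;
            .|./)
                echo "entry $pos: '$entry' is the current directory"
                risky=1 ;;
            /*)
                ;;          # absolute path: not affected by where you are
            *)
                echo "entry $pos: '$entry' is relative to the current directory"
                risky=1 ;;
        esac
    done
    return $risky
}

# Constructed sample values, not taken from any real system.
for sample in "/usr/bin:/bin" "/usr/local/bin:.:/usr/bin" "/usr/bin:/bin:"; do
    echo "PATH=$sample"
    audit_path "$sample" || echo "  -> commands can be shadowed from the working directory"
done
```

To check a live session, run `audit_path "$PATH"`; it is worth running as root and from inside cron or init scripts too, since those environments set PATH separately.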


More information about the Filepro-list mailing list