
"." in Path

 
SOLVED
Nobody's Hero
Valued Contributor

"." in Path

What are the security implications if a user has a "." (dot) as the first entry of their path?
UNIX IS GOOD
A. Clay Stephenson
Acclaimed Contributor
Solution

Re: "." in Path

It means that the current working directory is executed first. Suppose that a malicious user has installed a command, (either a script or a true executable) "passwd", in your CWD. You then enter "passwd" and the command is executed but because "." is earlier in your PATH than /usr/bin the bogus passwd command is executed. If the bad guy is only moderately talented, the command will appear to you just like the real thing BUT it also logs your passwd somewhere that can later be examined.

If "." is included in your PATH, it should be the last entry. "." should NEVER appear anywhere in root's PATH.
If it ain't broke, I can fix that.
James R. Ferguson
Acclaimed Contributor

Re: "." in Path

Hi Robert:

Don't *ever* do this for root. Don't do it period.

The implication is that anyone who can deposit malicious code into your directory can have it run without you being aware that you aren't running what you think!

Consider:

I place a piece of code named "date" in your home directory. The code does: "cd $HOME && rm -rf *".

Now you do:

$ date

You think you are running the real 'date' command, but you really just eliminated all your files.

Regards!

...JRF...
Steven E. Protter
Exalted Contributor

Re: "." in Path

Shalom Robert,

The dot in the path pretty much lets the path be redirected to the current directory.

Any system command can be replaced by a local, malicious copy.

It is like opening the barn door and inviting the horse thieves in.

As noted, never for root, try and avoid it for users as well.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Torsten.
Acclaimed Contributor

Re: "." in Path

Please read this:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1003550

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Bill Hassell
Honored Contributor

Re: "." in Path

And just a couple of alternative forms for :.:


If the last character in $PATH is :, it's the same as :.: and if two adjacent :: are in $PATH, it means :.: This is a common error caused by editing /etc/PATH or bad install scripts. As mentioned, the current working directory (seen by the pwd command) should always be assumed to be suspect. In fact, some sysadmins learned that the way to run a program is to cd to the directory and then type the command name (leftover from bad DOS habits or terrible Unix for Beginners classes). My humble opinion is that . (the current working directory) should never be in any user's PATH -- but then I'm paranoid about security...

$PATH can be a severe security risk for users, and especially for the root superuser. The file /etc/PATH establishes a default set of paths to look for executables but it often turns into a massive list of possible locations, often due to application installers. I take the approach that $PATH should be short and limited to the common requirements for normal users. Perhaps something like:

PATH=/usr/bin:/usr/contrib/bin

Now if a specific user wants a few more default locations, then add them to .profile for that one user.

root's PATH should be very different and more restrictive than user PATH values.


Bill Hassell, sysadmin
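
The PATH forms listed in the reply above (an explicit ".", two adjacent colons, a trailing colon) can be checked for in POSIX sh. This is an added example, not part of any post in the thread; the function names `audit_path` and `strip_cwd_entries` and the sample PATH values are constructed for illustration, and flagging every non-absolute entry goes one step beyond the forms named in the thread.

```shell
#!/bin/sh
# Added example: find PATH entries that resolve to the current directory.

# audit_path PATHSTRING
# Prints one line per risky entry; returns 1 if any were found, 0 otherwise.
audit_path() {
    rest="$1:"   # terminate the last field so a trailing ":" shows up as empty
    pos=0
    bad=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}    # text before the first colon
        rest=${rest#*:}      # everything after that colon
        pos=$((pos + 1))
        case $entry in
            '') printf 'entry %d: empty (treated as the current directory)\n' "$pos"; bad=1 ;;
            .)  printf 'entry %d: explicit "."\n' "$pos"; bad=1 ;;
            /*) ;;           # absolute path: does not depend on the cwd
            *)  printf 'entry %d: relative path "%s"\n' "$pos" "$entry"; bad=1 ;;
        esac
    done
    return "$bad"
}

# strip_cwd_entries PATHSTRING
# Prints PATHSTRING with every non-absolute entry removed, order preserved.
strip_cwd_entries() {
    rest="$1:"
    out=
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            /*) out="${out:+$out:}$entry" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Constructed sample values covering the forms described in the thread.
for sample in '.:/usr/bin:/usr/contrib/bin' \
              '/usr/bin::/usr/contrib/bin' \
              '/usr/bin:/usr/contrib/bin:'; do
    printf 'PATH=%s\n' "$sample"
    audit_path "$sample" || printf '  cleaned: %s\n' "$(strip_cwd_entries "$sample")"
done
```

Calling `audit_path "$PATH"` checks the current session; running it from root's login environment checks the value root actually ends up with after /etc/PATH and the profile scripts have been applied.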