Date: Sat, 8 Apr 1995 07:14:11 -0500
According to Guy Smith:
>
> Warren Gill ([log in to unmask]) wrote:
>
> > That recommendation only applies to the root user. It's not that bad
> > for other users. The security problem is that someone (non-root) could
> > create a script that "hooks" into another command. For example, I could
> > write a script called "ls" that does an ls and then does an rm -rf /
> > If root happens to be logged into that directory (say I put "ls" in
> > /usr/local/bin) and "." is in the path BEFORE /bin and /usr/bin _and_
> > he or she types "ls" then my script would be executed instead of the real "ls"
>
> Even better, the user could write a script that:
>
> 1) Would perform the ls
> 2) Would make a hidden copy of a shell
> 3) Change the execute-as-owner parameters for the file so it runs with
> root capability
>
[etc.]
Another use, where this is a problem for any user that regularly uses su,
is that another user can set up a Trojan horse script by naming the command
"su"; then when executed it does a password prompt and copies the password
to a place it can be gotten later, issues an error message "incorrect login"
and purges itself. The system admin who is trying to get root assumes that
he/she mistyped the password. The 2nd time they try it, the real su runs
and works fine - so they don't suspect much. Any time you use su and it
tells you "incorrect login" - be careful.

Do not put "." in the path of any user who uses su, and only use su from
directories that are "safe" (i.e. not writable by others). This is one of
the ways that programs that are allowed to create files from a non-secure
source (i.e. ftp incoming) can be a problem.
--
-- - - - Speaking for myself and not necessarily anybody else - - - - - -
Richard Gambrell | Internet: [log in to unmask]
Mgr. Tech. Services | POT: 504-483-7454 FAX: 504-482-1561
Xavier University of LA | Smail: 7325 Palmetto, New Orleans, LA 70125
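
A check for the PATH weaknesses discussed in this thread, added here as an example and not part of the original message: it flags ".", empty entries (which the shell also treats as the current directory), relative entries, and directories writable by group or others. The function names `audit_path` and `writable_by_others` and the sample PATH are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that let another user's
# file shadow a real command such as ls or su.

# True if the directory (symlinks followed) is group- or other-writable.
writable_by_others() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    case $mode in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# audit_path PATHSTRING: print one finding per line; return 1 if any.
audit_path() {
    findings=0
    # Trailing colon added so a trailing empty entry survives the split.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            '')  # leading, doubled or trailing colon: same as "."
                 echo "CWD: empty entry"; findings=1 ;;
            .)   echo "CWD: ."; findings=1 ;;
            /*)  if [ -d "$entry" ] && writable_by_others "$entry"; then
                     echo "WRITABLE: $entry"; findings=1
                 fi ;;
            *)   # relative entries resolve against the current directory
                 echo "RELATIVE: $entry"; findings=1 ;;
        esac
    done
    return "$findings"
}

# Constructed sample PATH (not taken from the thread).
audit_path ".:/usr/local/bin::/bin" || true
```

Run it against the PATH of each account that uses su, for example `audit_path "$PATH"`; a non-zero return means at least one entry needs attention.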