public inbox for cygwin@cygwin.com
From: Tim McDaniel <tmcd@panix.com>
Cc: cygwin@cygwin.com
Subject: Re: Latest cygwin.bat - need one
Date: Mon, 12 Dec 2011 07:13:00 -0000
Message-ID: <Pine.NEB.4.64.1112120101590.29339@panix1.panix.com>
In-Reply-To: <20111212063131.GE4028@mrvideo.vidiot.com>

On Mon, 12 Dec 2011, Mike Brown wrote:
> Doing some more digging I found
> the following posting (via google):
>
>    > Does changing 'bash' to '/bin/bash' make a difference?
>
>    Answering my own question: yes.
>
>    There was a change in execvp()'s behaviour to no longer look up
>    an executable in the current working directory, wasn't there? I
>    can't find it in the ChangeLog though.
>
> You've got to be kidding.  Why was the looking into CWD removed?

PATH specifies the list of directories to search for executables.
So if execvp() ever used "." unconditionally regardless of PATH,
then it violated one of the most long-standing UNIXy rules.

It can also be a massive security hole.  On a multi-user system,
I can put a script named "ls" in /tmp, or other likely directory for
others to cd to, to
- copy /bin/bash to some location
- set the setuid bit and setgid on this copy
- run /bin/ls
   (Bonus points: somehow filter out this nasty ls script if they are
   looking at /tmp.  This is hard.)
Anyone foolish enough to put "." near the start of their PATH and who
did
     cd /tmp
     ls
would thereby get their account hacked, and changing their password
would do no good.  I removed "." from my PATH in the 1980s for just
this reason.  At least if "." is after standard system directories
like /bin /usr/bin, it mitigates the problem to a large extent: it
catches only typos and attempts to run programs that you don't have
installed.  I wonder if there are any common typos to try for.

If execvp() ever looked in "."  unconditionally, there would be no way
to ever completely close this security hole.

-- 
Tim McDaniel, tmcd@panix.com
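
A defensive check for the condition described in the message above, as an added example that is not part of the original post or of Cygwin. It audits a PATH-style string for entries that resolve to the current directory and reports whether each comes before or after /bin and /usr/bin; as a generalization it also flags world-writable directories. The function name `audit_path` and its output format are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit a PATH-style string for entries that let a file
# planted in some other directory shadow a real command.

# audit_path STRING
#   Prints one line per risky entry: "<position>:<kind>:<placement>"
#     kind      = cwd (empty entry or "."), relative, world-writable
#     placement = before-system if no /bin or /usr/bin entry precedes it
#   Returns 1 when anything was reported, 0 when the string is clean.
audit_path() (
    rest="$1:"       # extra ':' so a trailing empty entry is still visited
    pos=0
    seen_system=no
    status=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        kind=
        case $entry in
            ''|.|./)       kind=cwd ;;       # an empty entry also means "."
            /bin|/usr/bin) seen_system=yes ;;
            /*)            # absolute: risky if any user may create files in it
                if [ -n "$(find -H "$entry" -prune -type d -perm -0002 2>/dev/null)" ]; then
                    kind=world-writable
                fi ;;
            *)             kind=relative ;;  # resolved against the cwd as well
        esac
        if [ -n "$kind" ]; then
            placement=before-system
            if [ "$seen_system" = yes ]; then placement=after-system; fi
            echo "$pos:$kind:$placement"
            status=1
        fi
    done
    exit "$status"
)

# Constructed sample value, not taken from any real system.
audit_path '.:/usr/bin:/bin::scripts' || echo "PATH needs cleanup"
```

Run it against a live session with `audit_path "$PATH"`; a `before-system` finding is the case the message describes as exploitable with a planted `ls`.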
