[NTLUG:Discuss] Shortcuts

Steve Baker sjbaker1 at airmail.net
Fri Aug 24 21:09:26 CDT 2001


Aaron Goldblatt wrote:
> 
> I suppose if someone has access to your account, they can add the ./ to the
> path statement at the same time they drop in the ls script, and so the real
> security breach is giving someone else access to your account, not including
> ./ in the search order.

Well, that's true - but putting an executable 'ls' (or something more subtle
than that) into every directory you have access to and hope that someone
will sometime stumble into it and run it by mistake could still work. 'ls' is
a good choice because your victim won't be able to see that this file is there
without typing "ls" first!  (I suppose obsessively security conscious sysadmins
might go around typing "echo *" instead - or better still, using file completion
to list the current directory - I don't know anyone who does that).

In these days of single-user PCs and servers that people don't log into
directly this is less of an issue.  Back when I was in college and 10 students
would be logged into the computer science department's PDP-11, that kind of
thing was a big issue...people were always trying to trick each other into
doing stuff like that and not putting "." into your search path was a wise
and valuable thing to learn.  Now that nobody uses my PC but me - I don't
care as much.

> If they don't have access to your account but are instead sticking the file
> in some world-writeable directory and hoping you'll travel there, would not
> putting ./ at the END of your PATH declaration pretty well close this hole?
> The search order would then find, say, ls in /bin prior to searching ./.

Yes - that certainly helps matters.
 
But either way, the biggest problem I find with newbies who do that is that
the very first C program they write is invariably called "test.c" and compiles
to "test".  If "." is in their search path at the beginning of the list then
their program works OK - but a bunch of system commands that are really shell
scripts break mysteriously because they have things like:

    if test "$1" = "-a" ; then ...whatever...

...and the users' own "test" program gets run instead of the system "test"
program - with "interesting" consequences.  I knew a guy at work who did exactly
that and couldn't get the "spell" command to work.  We scratched our heads for
weeks before we realised he'd put a 'test' program into one of his search path
directories.  What's amazing is that he only noticed it with 'spell' and not
any of the other dozens of system programs that call 'test'.

On the other hand, sometimes people put the "." at the END of the PATH. Then
they are puzzled as to why their little program doesn't seem to work.  They wrote:

   #include <stdio.h>

   int main ()
   {
     printf ( "Hello World\n" ) ;
     return 0 ;
   }

...and compiled it to 'test' - then typed 'test' at the command prompt
and it just returned without printing *ANYTHING*.  This is *VERY* hard to
debug!   (In this case, the system's "test" program is being run in
preference to the user's own because /usr/bin/test comes earlier in the
search path than /home/steve/programs/test or whatever)

Since there are usually around 4000 programs in most people's search path,
many with names that you might pick for your own programs, this happens
surprisingly often...and when it does, even the most experienced programmer
can think he's going totally nuts.

> Oh, and a quick note for the person who mentioned the similarity to the PATH=
> statement in AUTOEXEC in DOS:  In DOS, the current directory is always
> included in the search order even if you do not explicitly specify it.

Yes - this is typical of Microsoft trying to be "helpful" without understanding
the consequences of their actions.

> In *nix, the current directory isn't included in the search order unless you
> explicitly specify it as previously described.

Yes - and that's "A Good Thing" even if it does confuse the occasional Windoze
convert.


One other note about 'PATH' is that some shells do a pre-search
for executable programs in the user's path and build them into a hash
table.  This is considered a good thing because it eliminates the time
taken to search all those directories every time you type a command.
However, if you create a new program and put it into one of the directories
in your PATH, you have to type 'rehash' in every shell window or else that
shell program won't "notice" that you added a program.  Not all shells have that
property...but if you create a program for the first time and it seems like
it won't run, that'll be it.

----------------------------- Steve Baker -------------------------------
HomeMail : <sjbaker1 at airmail.net>   WorkMail: <sjbaker at link.com>
HomePage : http://web2.airmail.net/sjbaker1
Projects : http://plib.sf.net       http://tuxaqfh.sf.net
           http://prettypoly.sf.net http://tuxkart.sf.net
           http://freeglut.sf.net   http://toobular.sf.net
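
Added example, not part of Steve's message: a small POSIX sh audit for the two problems discussed in this thread, PATH entries that resolve to the current directory (".", an empty entry, or any relative path) and command names that exist in more than one PATH directory. The function names are made up for this example.

```shell
#!/bin/sh
# Added example. Function names are made up here; nothing below is from the post.

# path_entries PATHSTRING: one entry per line in search order. An empty
# entry (leading, trailing or doubled ':') is printed as "." because the
# shell treats it as the current directory.
path_entries() {
    _rest=$1:
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}
        _rest=${_rest#*:}
        printf '%s\n' "${_entry:-.}"
    done
}

# path_cwd_entries PATHSTRING: "position entry" for every entry that is not
# an absolute path, i.e. one that depends on where you happen to be standing.
path_cwd_entries() {
    path_entries "$1" | awk '!/^\// { print NR, $0 }'
}

# path_matches NAME PATHSTRING: every executable file called NAME, in search
# order. Line 1 is what a PATH lookup runs; later lines are shadowed by it.
# PATH lookup only: aliases, functions and builtins are resolved first, so
# compare with `type NAME` in the live shell.
path_matches() {
    path_entries "$2" | while IFS= read -r _dir; do
        if [ -f "$_dir/$1" ] && [ -x "$_dir/$1" ]; then
            printf '%s\n' "$_dir/$1"
        fi
    done
}

# Stand-alone run: a constructed PATH string, then the live environment.
echo "non-absolute entries in /usr/local/bin:/usr/bin::/bin:. (constructed):"
path_cwd_entries "/usr/local/bin:/usr/bin::/bin:."
echo "non-absolute entries in \$PATH:"
path_cwd_entries "$PATH"
echo "files named 'test' on \$PATH, first one wins:"
path_matches test "$PATH"
```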




