Jeff Kinz wrote:
> You should always use the absolute paths to invoke commands in any script
> run by root. This prevents people from putting "trojans" in the path
This *shouldn't* be necessary, at least on Linux. [1]
The two rules that are necessary anyway are
* Root's $PATH should never include any directory where non-"trusted"
users can write.
* Root should only ever run "trusted" scripts.
And no-one can put trojans in the path.
OK, I suppose you *can* get around Rule 1 by *always* using absolute
paths, but you do have to make sure that both interactive users and
scripts always follow that rule. This isn't the norm, and is difficult
to enforce.
You will notice that the Fedora shell scripts in /etc/ don't follow your
suggested rule...
James.
[1] Certain Unices honoured the SetUID bit on shell scripts. That meant
that an attacker could set the PATH appropriately and run the script.
The script would run as root, but inherit the attacker's PATH. So unless
the script reset PATH first, it could be running the attacker's
"versions" of standard shell commands.
There were a number of other things that needed doing, and that shell
scripts didn't always do. This is (one reason) why Linux does not honour
the SetUID bit on shell scripts.
--
E-mail address: james | The other shamans laughed at Norgle's Balloon
@westexe.demon.co.uk | Animal totem, but he'd show 'em! He'd show 'em all!
| Except maybe the Porcupine Shaman.
| -- Ursula Vernon
