On Sat, Jan 08, 2005 at 11:39:48PM +0000, James Wilkinson wrote: > Jeff Kinz wrote: > > You should always use the absolute paths to invoke commands in any script > > run by root. This prevents people from putting "trojans" in the path > > This *shouldn't* be necessary, at least on Linux. [1] I agree - it "shouldn't" be necessary, and in fact you forgot that I said : >>>As a practical matter almost no one uses the "only invoke commands by >>>>absolute path" approach. Its too cumbersome. Realistically, the absolute path to a command technique will never enter general use. I do use it myself when building installation tools or when developing tools which will run as third party software on other peoples systems. Like the "configure" tool - you should never assume much about how any other site is configured. Fortunately, like "configure" it easy to do a little bit of probing and set these values up to be used as needed in a variable. Then they can be used easily without fear and without awkwardness. For example "LS=/bin/ls" (after to checking to see if it is in deed there) then for "ls" simply use $LS as needed. This is a common approach seen in many scripts. However the real issue here is the difference between a large, strictly administered corporate-style computing environment and that which the fedora list is more likely to be addressing: a less formal, less strict, less regulated and perhaps home or non-business style computing environment which is where these two rules of yours (below) simply will not exist because the local administrator lacks the knowledge to knowingly follow those rules. As you may recall the original question was from a person who could not figure out how to overcome the aliasing of the "rm" and "cp" commands in the script they were creating. this is indicative of the level of knowledge which we will be seeing on more and more self-administered Fedora or Linux systems. James' two rules which less experienced Root users need to be aware of: (But probably will not be aware of) > * Root's $PATH should never include any directory where non-"trusted" > users can write. > > * Root should only ever run "trusted" scripts. > > And no-one can put trojans in the path. > > OK, I suppose you *can* get around Rule 1 by *always* using absolute > paths, but you do have to make sure that both interactive users and > scripts always follow that rule. This isn't the norm, and is difficult > to enforce. I agree - and again I said : >>>As a practical matter almost no one uses the "only invoke commands by >>>>absolute path" approach. Its too cumbersome. [[ re-account of recently history on suid deleted ]] -- Linux/Open Source: Your infrastructure belongs to you, free, forever. Idealism: "Realism applied over a longer time period" http://www.scaled.com/projects/tierone/ http://kinz.org http://www.fedoratracker.org http://www.fedorafaq.org http://www.fedoranews.org Jeff Kinz, Emergent Research, Hudson, MA. ~ ~ ~ ~
