bug-coreutils

Re: PATH and security


From: Jim Meyering
Subject: Re: PATH and security
Date: Wed, 23 Apr 2008 01:13:49 +0200

Bruno Haible <address@hidden> wrote:

> Jim Meyering wrote:
>> If security isn't enough of an argument, you can consider this yet another
>> reason not to put "." early in your PATH.  Please consider removing
>> "." from your PATH altogether.  Yes, that does make for some small amount
>> of extra typing (you have to prefix certain commands with "./"), but
>> that is a small price to pay for the reduced risk of mishap.
>> [Sorry to harp on this again, but I wouldn't want readers to get the
>>  impression that it's ok to have "." *anywhere* in PATH, much less
>>  near the beginning. ]
>
> The only security argument I've seen so far against "." in PATH is that
> every user, at some point in time, does things like
>   $ cd /tmp
>   $ ls -l
> and another user on the same machine may have stored a malicious program
> at /tmp/ls.
>
> A similar argument holds for group-writable directories on machines where
> you don't trust all users of the same group.
>
> But when you are on a LAN where you trust all users, or on a firewalled
> machine where you are the only user and even your own sysadmin, I see no
> point in reducing the PATH. - If you trust everyone in your house, and have
> a lock at the door of your house, would you also lock your bedroom's door
> at night?

Habits are habits.
If I acquire habits that are safe only in a few
protected environments, what's to prevent that often-safe
behavior from leaking into an environment where it's no longer safe?
I prefer to maintain safe habits.

Besides, I recognize that no system is immune from risk.
I.e., a bug in my browser may allow malicious code to create
that /tmp/ls file you mentioned.
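
An added example, not part of the original message: a POSIX shell function that checks a PATH string for the cases raised in this thread ("." or an empty entry, relative entries, and group- or world-writable directories such as /tmp). The function name `path_findings`, its output format and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): flag PATH entries that let a file
# planted by someone else run in place of the command you meant to type.
# Limitation: only each entry's own mode bits are checked, not the
# ownership or writability of its parent directories.

# path_findings PATHSTRING
# Prints "<position>: <reason>: <entry>" for each risky entry.
# Returns 0 if nothing was flagged, 1 otherwise.
# Note: POSIX sh has no local variables, so the names below are global.
path_findings() {
    rest="$1:"      # trailing ':' makes every entry end in a separator
    pos=0
    found=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        reason=
        case $entry in
            '')  reason='empty entry (means current directory)' ;;
            .)   reason='current directory' ;;
            /*)  if [ -d "$entry" ]; then
                     # Mode string such as drwxrwxrwt: character 6 is
                     # group write, character 9 is world write.
                     # -L follows symlinks such as /bin -> usr/bin.
                     mode=$(ls -ldL "$entry")
                     case $mode in
                         ????????w*) reason='world-writable' ;;
                         ?????w*)    reason='group-writable' ;;
                     esac
                 fi ;;
            *)   reason='relative path' ;;
        esac
        if [ -n "$reason" ]; then
            printf '%s: %s: %s\n' "$pos" "$reason" "${entry:-<empty>}"
            found=1
        fi
    done
    return "$found"
}

# Audit the PATH of the current shell.
path_findings "$PATH" || echo 'PATH contains risky entries' >&2
```

An empty entry (a leading, trailing or doubled ":") is reported separately because the shell treats it the same as ".".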



