Hi Christian,
You are trying to convince people not to use the `.' path in the environment.
But I think this is not a question of safety but of the convenience of using
standard programs and local utilities: if you prefer to execute local
programs first -- put the dot in the first place; don't like it -- put it
last in a row. So your example will work only in certain cases of
inattention. It is similar to accidental execution of `rm -rf /' with root
privileges.
Best regards,
Stanislav.
On 6 Dec 2002, Fons Rademakers wrote:
> Hi Christian,
>
> yes I know that, was just a quick fix. Better is to put $ROOTSYS/test
> in the library path (-rpath is not supported on all platforms, otherwise
> that is the best solution).
>
> -- Fons
>
>
> PS: hope everybody takes your lesson to heart anyway.
>
>
> On Fri, 2002-12-06 at 13:48, Christian Holm Christensen wrote:
> > Hi all,
> >
> > Fons Rademakers <Fons.Rademakers@cern.ch> wrote concerning
> > [ROOT] missing libEvent [05 Dec 2002 16:22:29 +0100]
> > ----------------------------------------------------------------------
> > > You should have one. Make sure that "." is in LD_LIBRARY_PATH.
> >
> > Having "." in one's LD_LIBRARY_PATH or PATH environment variables is a
> > really bad idea. Witness this program:
> >
> > int main(int argc, char** argv)
> > {
> >   pid_t pid = fork();
> >
> >   if (!pid) { // child
> >     while (true) {
> >       sleep(EVIL_SLP);
> >       std::cout << EVIL_MSG << getpid() << std::endl;
> >     }
> >   }
> >   else { // parent
> >     argv[0] = GOOD_LS;
> >     execv(GOOD_LS, argv);
> >   }
> >   return 0;
> > }
> >
> > Compile this into an executable called `ls', and put that in the
> > current directory. Then try to execute `ls' normally - you'll execute
> > a Trojan horse.
> >
> > You can play the same trick with a library (a C source file):
> >
> > void _init() {
> >   pid_t pid;
> >   pid = fork();
> >
> >   setenv("LD_PRELOAD", EVIL_LIB);
> >   if (!pid) { // child
> >     while (1) {
> >       sleep(EVIL_SLP);
> >       printf("%s %d\n", EVIL_MSG, getpid());
> >     }
> >   }
> >   else
> >     dlopen("/lib/libc.so.6", RTLD_LAZY);
> > }
> >
> > Compile this code into a shared library called `libc.so.6' and put it
> > in the current directory - now execute _any_ command and you'll
> > execute a Trojan horse.
> >
> > [An aside, to make this into a shared library on GNU/Linux, you need
> > to specify the flag `-nostdlib' to the linker]
> >
> > As you can see, it's not recommendable to have relative paths in
> > either LD_LIBRARY_PATH or PATH - you will be vulnerable to Trojan
> > horses. Note, that this is entirely a user mistake - not a SysOp or
> > OS mistake. _Always_ use absolute paths!
> >
> > Yours,
> >
> > ___ | Christian Holm Christensen
> > |_| | -------------------------------------------------------------
> > | | Address: Sankt Hansgade 23, 1. th. Phone: (+45) 35 35 96 91
> > _| DK-2200 Copenhagen N Cell: (+45) 24 61 85 91
> > _| Denmark Office: (+45) 353 25 305
> > ____| Email: cholm@nbi.dk Web: www.nbi.dk/~cholm
> > | |
>
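
A check for the condition discussed in this thread, as an added example that is not part of any poster's message: it flags every PATH or LD_LIBRARY_PATH entry that is resolved against the current working directory, including empty entries (a leading, trailing or doubled colon), which both the shell and the dynamic loader treat as the current directory. The function name `audit_search_path` and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a colon-separated search path for entries that
# depend on the current working directory.

# audit_search_path NAME VALUE
#   Prints one line per unsafe entry.
#   Returns 0 if every entry is an absolute path, 1 otherwise.
#   Assumption of this example: an unset or empty VALUE is skipped.
audit_search_path() {
    name=$1
    value=$2
    bad=0
    idx=0
    [ -n "$value" ] || return 0

    # Append a colon so the loop also sees a trailing empty entry.
    rest=$value:
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first colon
        rest=${rest#*:}        # text after the first colon
        idx=$((idx + 1))
        case $entry in
            '') reason='empty entry, treated as the current directory' ;;
            /*) continue ;;    # absolute path: fine
            *)  reason='relative path' ;;
        esac
        printf '%s: entry %d "%s": %s\n' "$name" "$idx" "$entry" "$reason"
        bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample values (not taken from any real system).
audit_search_path PATH '/usr/local/bin:/usr/bin:.' || true
audit_search_path LD_LIBRARY_PATH ':/opt/example/lib:test' || true

# The caller's real environment.
audit_search_path PATH "${PATH-}" || true
audit_search_path LD_LIBRARY_PATH "${LD_LIBRARY_PATH-}" || true
```

Note that moving `.' to the end of the list does not silence the check: a command name that is absent from every earlier directory is still looked up in the current directory.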
This archive was generated by hypermail 2b29 : Sat Jan 04 2003 - 23:51:22 MET