Hi Christian,

You are trying to convince people not to use the `.' path in the
environment. But I think this is not a question of safety but of
convenience of using standard programs and local utilities: if you prefer
to execute local programs first -- put the dot in the first place, don't
like it -- put it last in a row. So your example will work only in certain
cases of inattention. It is similar to accidental execution of `rm -rf /'
with root privileges.

Best regards, Stanislav.

On 6 Dec 2002, Fons Rademakers wrote:

> Hi Christian,
>
> yes I know that, was just a quick fix. Better is to put $ROOTSYS/test
> in the library path (-rpath is not supported on all platforms, otherwise
> that is the best solution).
>
> -- Fons
>
>
> PS: hope everybody takes your lesson to heart anyway.
>
>
> On Fri, 2002-12-06 at 13:48, Christian Holm Christensen wrote:
> > Hi all,
> >
> > Fons Rademakers <Fons.Rademakers@cern.ch> wrote concerning
> >   [ROOT] missing libEvent [05 Dec 2002 16:22:29 +0100]
> > ----------------------------------------------------------------------
> > > You should have one. Make sure that "." is in LD_LIBRARY_PATH.
> >
> > Having "." in one's LD_LIBRARY_PATH or PATH environment variables is a
> > really bad idea. Witness this program:
> >
> >   int main(int argc, char** argv)
> >   {
> >     pid_t pid = fork();
> >
> >     if (!pid) { // child
> >       while (true) {
> >         sleep(EVIL_SLP);
> >         std::cout << EVIL_MSG << getpid() << std::endl;
> >       }
> >     }
> >     else { // parent
> >       argv[0] = GOOD_LS;
> >       execv(GOOD_LS, argv);
> >     }
> >     return 0;
> >   }
> >
> > Compile this into an executable called `ls', and put that in the
> > current directory. Then try to execute `ls' normally - you'll execute
> > a Trojan horse.
> >
> > You can play the same trick with a library (a C source file):
> >
> >   void _init() {
> >     pid_t pid;
> >     pid = fork();
> >
> >     setenv("LD_PRELOAD", EVIL_LIB, 1);
> >     if (!pid) { // child
> >       while (1) {
> >         sleep(EVIL_SLP);
> >         printf("%s %d\n", EVIL_MSG, getpid());
> >       }
> >     }
> >     else
> >       dlopen("/lib/libc.so.6", RTLD_LAZY);
> >   }
> >
> > Compile this code into a shared library called `libc.so.6' and put it
> > in the current directory - now execute _any_ command and you'll
> > execute a Trojan horse.
> >
> > [An aside, to make this into a shared library on GNU/Linux, you need
> > to specify the flag `-nostdlib' to the linker]
> >
> > As you can see, it's not recommendable to have relative paths in
> > either LD_LIBRARY_PATH or PATH - you will be vulnerable to Trojan
> > horses. Note, that this is entirely a user mistake - not a SysOp or
> > OS mistake. _Always_ use absolute paths!
> >
> > Yours,
> >
> >  ___  |  Christian Holm Christensen
> >   |_| |  -------------------------------------------------------------
> >     | |  Address: Sankt Hansgade 23, 1. th.  Phone:  (+45) 35 35 96 91
> >      _|           DK-2200 Copenhagen N       Cell:   (+45) 24 61 85 91
> >     _|            Denmark                    Office: (+45) 353 25 305
> >  ____|   Email:   cholm@nbi.dk               Web:    www.nbi.dk/~cholm
> >  | |
>
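The check below is an added example, not part of the thread or of ROOT: it lists every entry in PATH and LD_LIBRARY_PATH that is not an absolute path, the condition the thread argues about. It also flags zero-length entries (a leading, trailing or doubled colon), which both the shell and the dynamic loader treat as the current directory; the function names and the sample value in the comment are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit colon-separated search paths for entries that
# resolve relative to the current directory.

# classify_entry ENTRY -> prints "empty", "relative" or "absolute"
classify_entry() {
    case "$1" in
        "") echo empty ;;     # zero-length entry means the current directory
        /*) echo absolute ;;
        *)  echo relative ;;  # ".", "..", "lib", "./bin", ...
    esac
}

# unsafe_entries VALUE -> one "kind:entry" line per non-absolute entry.
# An empty VALUE (variable unset) is treated as having no entries.
unsafe_entries() {
    [ -n "$1" ] || return 0
    ue_rest="$1:"             # sentinel colon so trailing empties are seen
    while [ -n "$ue_rest" ]; do
        ue_entry=${ue_rest%%:*}
        ue_rest=${ue_rest#*:}
        ue_kind=$(classify_entry "$ue_entry")
        [ "$ue_kind" = absolute ] || echo "$ue_kind:$ue_entry"
    done
}

# absolute_only VALUE -> VALUE with every non-absolute entry removed
absolute_only() {
    [ -n "$1" ] || return 0
    ao_rest="$1:" ao_out=""
    while [ -n "$ao_rest" ]; do
        ao_entry=${ao_rest%%:*}
        ao_rest=${ao_rest#*:}
        case "$ao_entry" in
            /*) ao_out="${ao_out:+$ao_out:}$ao_entry" ;;
        esac
    done
    printf '%s\n' "$ao_out"
}

# Report on the current environment. A constructed value such as
# ".:/usr/local/bin:/usr/bin::lib:/bin:" has four unsafe entries.
unsafe_entries "${PATH-}" | sed 's/^/PATH: /'
unsafe_entries "${LD_LIBRARY_PATH-}" | sed 's/^/LD_LIBRARY_PATH: /'
```

No output means both variables hold only absolute entries; `absolute_only "$PATH"` prints a cleaned value that can be reviewed before exporting it.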
This archive was generated by hypermail 2b29 : Sat Jan 04 2003 - 23:51:22 MET