Recipe 9.7 Testing Your Search Path

Previous page
Table of content
Next page

9.7.1 Problem

You want to avoid invoking the wrong program of a given name.

9.7.2 Solution

Ensure that your search path contains no relative directories:

$ perl -e 'print "PATH contains insecure relative directory \"$_\"\n"               foreach grep ! m[^/], split /:/, $ENV{"PATH"}, -1;'

9.7.3 Discussion

Imagine you innocently type ls while your current working directory is /tmp, and you discover to your chagrin that you have just run a malicious program, /tmp/ls, instead of the expected /bin/ls. Worse, you might not notice at all, if the rogue program behaves like the real version while performing other nefarious activities silently.

This can happen if your search path contains a period ("."), meaning the current working directory. The possibility of unexpected behavior is higher if "." is early in your search path, but even the last position is not safe: consider the possibility of misspellings. A cracker could create a malicious /tmp/hwo, a misspelling of the common who command, and hope you type "hwo" sometime while you're in /tmp. As there is no earlier "hwo" in your search path, you'll unintentionally run the cracker's ./hwo program. (Which no doubt prints, `basename $SHELL`: hwo: command not found to stderr while secretly demolishing your filesystem.) Play it safe and keep "." out of your search path.

An empty search path element two adjacent colons, or a leading or trailing colon also refers to the current working directory. These are sometimes created inadvertently by scripts that paste together the PATH environment variable with ":" separators, adding one too many, or adding an extra separator at the beginning or end.

In fact, any relative directories in your search path are dangerous, as they implicitly refer to the current working directory. Remove all of these relative directories: you can still run programs (securely!) by explicitly typing their relative directory, as in:

./myprogram

Our recipe uses a short Perl script to split the PATH environment variable, complaining about any directory that is not absolute (i.e., that does not start with a "/" character). The negative limit (-1) for split is important for noticing troublesome empty directories at the end of the search path.

9.7.4 See Also

environ(5).

Previous page
Table of content
Next page
Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247
Authors: Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
BUY ON AMAZON
Cisco Voice Gateways and Gatekeepers
101 Microsoft Visual Basic .NET Applications
An Introduction to Design Patterns in C++ with Qt 4
The Oracle Hackers Handbook: Hacking and Defending Oracle
Java All-In-One Desk Reference For Dummies
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy