PATH
PATH is a colon-separated list of directories that the shell (and the execvp family of library calls) searches to locate an executable when a command is given without a slash in its name. It is searched left-to-right and the first match wins, so if PATH=/home/steve/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11
In PATH, a period (.) is used to represent the current directory of the calling program. Less well known is that an empty entry means the same thing: a double colon (::) in the middle of the variable, or a single colon at the beginning or end of it, is also treated as the current working directory. So if your PATH=:/usr/bin:/bin, the current directory is searched before /usr/bin, and any executable file called ls in the current directory will be executed when you call ls.
An attacker could place a malicious ls in /tmp (or any other directory they can write to) and simply wait for the superuser to cd into /tmp and list its contents. Order matters: with the empty entry at the end (PATH=/usr/bin:/bin:), a planted ls is never reached because the real one is found first, but a planted file named for a common typo (such as sl) or for a command that is not installed still runs. The only safe configuration for a privileged account is a PATH that contains no empty entry, no period and no relative directory at all.
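As an added example (not code from the original post), the following POSIX sh script splits a PATH string the way the shell does, printing empty entries as ".", flags every entry that is resolved against the current working directory, and emulates the left-to-right lookup so you can see which ls would actually run. The sandbox it builds under a mktemp directory, the fake system ls and the planted ls are all constructed here purely for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: audit a PATH string for
# entries the shell resolves against the current working directory, and
# emulate the left-to-right lookup to show which file would actually run.
# An empty PATH element (leading ':', trailing ':' or '::') is treated by
# the shell exactly like '.', so split_path prints it as '.'.

# split_path PATH_STRING
# Prints one entry per line, empty entries shown as '.'.
split_path() {
    rest="$1:"                     # sentinel: every field now ends in ':'
    while [ -n "$rest" ]; do
        entry=${rest%%:*}          # text before the first ':'
        rest=${rest#*:}            # drop it together with the ':'
        printf '%s\n' "${entry:-.}"
    done
}

# cwd_entries PATH_STRING
# Prints "position<TAB>entry" for every entry that is not an absolute path:
# '.', an empty element, or a relative directory, all of which are
# resolved against whatever directory the caller happens to be in.
cwd_entries() {
    i=0
    split_path "$1" | while read -r entry; do
        i=$((i + 1))
        case "$entry" in
            /*) ;;                                  # absolute: fine
            *)  printf '%s\t%s\n' "$i" "$entry" ;;  # resolved via cwd
        esac
    done
}

# lookup CMD PATH_STRING
# Emulates the shell's search: the first executable regular file named CMD
# found in a PATH entry, scanning left to right. Prints the path that would
# run, or nothing if CMD is not found.
lookup() {
    cmd=$1
    split_path "$2" | while read -r dir; do
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
            break
        fi
    done
}

# demo: a constructed sandbox mirroring the attack in the post. $sb/bin
# plays the role of /usr/bin with the real ls, $sb/tmp plays /tmp with the
# attacker's planted ls. Nothing outside the sandbox is touched.
demo() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/bin" "$sb/tmp"
    printf '#!/bin/sh\necho real ls\n' > "$sb/bin/ls"
    printf '#!/bin/sh\necho PWNED\n'   > "$sb/tmp/ls"    # planted by the attacker
    chmod 755 "$sb/bin/ls" "$sb/tmp/ls"

    cd "$sb/tmp" || return 1                            # the superuser enters /tmp ...
    printf 'PATH=:%s/bin   ->  %s\n' "$sb" "$(lookup ls ":$sb/bin")"   # ./ls wins
    printf 'PATH=%s/bin:   ->  %s\n' "$sb" "$(lookup ls "$sb/bin:")"   # real ls wins
    printf 'PATH=%s/bin    ->  %s\n' "$sb" "$(lookup ls "$sb/bin")"    # real ls wins
    printf 'cwd entries in ":/usr/bin:/bin": %s\n' "$(cwd_entries ':/usr/bin:/bin' | tr '\t' '=')"
    cd / && rm -rf "$sb"
}

demo
```

Running the script prints which ls each PATH layout would execute from inside the planted directory; `cwd_entries "$PATH"` on its own is a quick check to run against root's environment, and any output at all means an empty, "." or relative entry is present.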