bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Possible security bug - :: in PATH behaves as if it were "."


From: Asten Rathbun
Subject: Re: Possible security bug - :: in PATH behaves as if it were "."
Date: Sun, 16 Oct 2005 23:28:26 -0500

Hi,

Just kept looking for info on this, and found an old post on
gnu.bash.bug regarding this, where you (Chet) replied saying that this
is how $PATH should work.   Do you have anything mentioning why that
is the case?  It seems like a big security risk, seeing as scripts can
insert things into the path and this kind of situation can arise
pretty easily without the operator knowing it.

At any rate, feel free to reject the bug - sorry I didn't find these
posts earlier.
-Asten

On 10/16/05, Asten Rathbun <arathbun@gmail.com> wrote:
> Hi,
>
> Unfortunately I have a slack distro that doesn't include bashbug and
> was having issues getting it compiled right, so please accept this bug
> report... this confounded me for awhlie
>
>
> ----The version number and release status of Bash
>
> root@www:/usr/local/www/bin# bash --version
> GNU bash, version 3.00.15(2)-release (i486-slackware-linux-gnu)
> Copyright (C) 2004 Free Software Foundation, Inc.
>
>
> ----The machine and OS that it is running on:
> Slackware, i686-pc-linux-gnu)
>
> A list of the compilation flags or the contents of `config.h', if appropriate
> N/A
>
> ---A description of the bug
> I noticed that I was able to run executables that shouldn't have been
> in my path while in the directory as root.  This is akin to having the
> "." directory in Root's path - a well-known no-no.  However, the PATH
> variable did *NOT* include ".".   In setting the path, two :
> separators were left next to each other.  Removing the extra : removes
> the effect.
>
> ---A recipe for recreating the bug reliably
>
> (Notice extraneous : after /sbin)
>
> root@www:/usr/local/www/bin# echo $PATH
> /usr/local/sbin:/usr/sbin:/sbin::/usr/local/mysql/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/lib/java/bin:/usr/lib/java/jre/bin
> root@www:/usr/local/www/bin# apachectl
> Usage: /usr/local/www/bin/httpd [-D name] [-d directory] [-f file]
>                                 [-C "directive"] [-c "directive"]
>                                 [-k start|restart|graceful|stop]
>                                 [-v] [-V] [-h] [-l] [-L] [-t] [-S]
> <snip>
> root@www:/usr/local/www/bin#
> PATH=/usr/local/sbin:/usr/sbin/sbin:/usr/local/mysql/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/lib/java/bin:/usr/lib/java/jre/bin
> root@www:/usr/local/www/bin# apachectrl
> -bash: apachectrl: command not found
>
>
> ----A fix for the bug if you have one!
> Sorry, no fix.
>
>




reply via email to

[Prev in Thread] Current Thread [Next in Thread]