9.7. Testing Your Search Path
Problem
You want to avoid invoking the wrong program of a given name.
Solution
Ensure that your search path contains no relative directories:
$ perl -e 'print "PATH contains insecure relative directory \"$_\"\n" foreach grep ! m[^/], split /:/, $ENV{"PATH"}, -1;'
Discussion
Imagine you innocently type ls while your current working directory is /tmp, and you discover to your chagrin that you have just run a malicious program, /tmp/ls, instead of the expected /bin/ls. Worse, you might not notice at all, if the rogue program behaves like the real version while performing other nefarious activities silently.
This can happen if your search
path contains a period (“.”),
meaning the current working directory. The possibility of unexpected
behavior is higher if “.” is early
in your search path, but even the last position is not safe: consider
the possibility of misspellings. A cracker could create a malicious
/tmp/hwo, a misspelling of the common
who command, and hope you type
“hwo” sometime while
you’re in /tmp. As there is no
earlier “hwo” in your search path,
you’ll unintentionally run the
cracker’s ./hwo program. (Which
no doubt prints, `basename $SHELL`: hwo: command not
found
to stderr while secretly demolishing your
filesystem.) Play it safe and keep
“.” out of your search path.
An empty search path element—two adjacent colons, or a leading or trailing colon— also refers to the current working directory. These are sometimes created inadvertently by ...
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.