[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Minor flaw in Caldera OpenLinux 1.2

From: Andy McRory <pcdr pcdr com>
To: linux-security redhat com
Subject: Minor flaw in Caldera OpenLinux 1.2
Date: Sun, 17 May 1998 10:10:34 -0400 (EDT)

(I almost didn't post this cause I hope you would notice it immediately
after installing the OS... It's here for the people that don't/won't use
Caldera OpenLinux 1.2 ) 

Hello to all!

By default, Caldera OpenLinux 1.2 adds the currrent working directory to
the end of the $PATH on login. This of course gives a normal user the
possibility of gaining a root shell by tricking root into running a shell
script in his/her home directory or other publicly writable directory. 

I asked Caldera about it and they dismissed it as a not being bad enough
to worry about it. I'll let you decide how bad having the CWD in your path
is or isn't. 

Ciao!


Andy McRory
Systems Administrator
-
The PC Doctor - pcdr pcdr com         **** LiNUX Systems Engineers ****
3009-C West Tharpe St.                *      Network  Integrators     *
Tallahassee, Florida 32303            * Custom Servers & Workstations *
Ph 850.575.7213 Fx 850.575.2901       *** Full  Service and Support ***

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]