Possible security bug - :: in PATH behaves as if it were "."
From: Asten Rathbun
Subject: Possible security bug - :: in PATH behaves as if it were "."
Date: Sun, 16 Oct 2005 23:22:10 -0500
Hi,
Unfortunately I have a slack distro that doesn't include bashbug and
was having issues getting it compiled right, so please accept this bug
report... this confounded me for awhile.
----The version number and release status of Bash
root@www:/usr/local/www/bin# bash --version
GNU bash, version 3.00.15(2)-release (i486-slackware-linux-gnu)
Copyright (C) 2004 Free Software Foundation, Inc.
----The machine and OS that it is running on:
Slackware, i686-pc-linux-gnu
----A list of the compilation flags or the contents of `config.h', if appropriate
N/A
---A description of the bug
I noticed that I was able to run executables that shouldn't have been
in my path while in the directory as root. This is akin to having the
"." directory in Root's path - a well-known no-no. However, the PATH
variable did *NOT* include ".". In setting the path, two :
separators were left next to each other. Removing the extra : removes
the effect.
---A recipe for recreating the bug reliably
(Notice extraneous : after /sbin)
root@www:/usr/local/www/bin# echo $PATH
/usr/local/sbin:/usr/sbin:/sbin::/usr/local/mysql/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/lib/java/bin:/usr/lib/java/jre/bin
root@www:/usr/local/www/bin# apachectl
Usage: /usr/local/www/bin/httpd [-D name] [-d directory] [-f file]
[-C "directive"] [-c "directive"]
[-k start|restart|graceful|stop]
[-v] [-V] [-h] [-l] [-L] [-t] [-S]
<snip>
root@www:/usr/local/www/bin#
PATH=/usr/local/sbin:/usr/sbin/sbin:/usr/local/mysql/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/lib/java/bin:/usr/lib/java/jre/bin
root@www:/usr/local/www/bin# apachectrl
-bash: apachectrl: command not found
----A fix for the bug if you have one!
Sorry, no fix.
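As an added example (not part of the report above), a POSIX sh audit function for the behaviour described: an empty PATH component (leading ':', trailing ':' or '::') is searched as the current directory, exactly like an explicit '.'. `path_audit` flags those entries plus any relative component, and `path_clean` prints the PATH with them dropped. The report's PATH value is embedded as sample input.

```bash
#!/bin/sh
# Added example, not from the original report or from bash itself.
# path_audit PATHSTRING : print one finding per line; return 1 if any.
# path_clean PATHSTRING : print PATHSTRING with only absolute components.

path_audit() {
    # Append a sentinel ':' so every component, including an empty
    # trailing one, is followed by a separator and the loop terminates.
    _p="$1:" _bad=0
    while [ -n "$_p" ]; do
        _c=${_p%%:*}        # first component (may be the empty string)
        _p=${_p#*:}         # remainder after the first ':'
        case $_c in
            '')  echo "empty component (searched as current directory)"; _bad=1 ;;
            .)   echo "explicit '.' component"; _bad=1 ;;
            /*)  ;;                                   # absolute path: fine
            *)   echo "relative component: $_c"; _bad=1 ;;
        esac
    done
    return $_bad
}

path_clean() {
    _p="$1:" _out=
    while [ -n "$_p" ]; do
        _c=${_p%%:*}
        _p=${_p#*:}
        case $_c in
            /*) _out="${_out:+$_out:}$_c" ;;          # keep absolute entries only
        esac
    done
    printf '%s\n' "$_out"
}

# Sample input: the PATH from the report, with the stray '::' after /sbin.
REPORT_PATH='/usr/local/sbin:/usr/sbin:/sbin::/usr/local/mysql/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/lib/java/bin:/usr/lib/java/jre/bin'

path_audit "$REPORT_PATH" || echo "unsafe PATH; cleaned: $(path_clean "$REPORT_PATH")"
```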