Danger of setting the environment variable ‘PATH’ with a ‘.’? [closed]

Posted on

Danger of setting the environment variable ‘PATH’ with a ‘.’? [closed] – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about linux, hacking, environment-variables, , .

I have an upcoming test and looking at past years they always ask a similar question. Basically the security hole that would be created by setting something like:

PATH=".:/bin:/usr/bin"

I get that PATH determines the absolute directories to be searched for the executable when the user calls a command such as “ls”. I’m just not sure what behavior the above would cause.

It seems that it would first check the current directory (based on the ‘.’) for a “/bin” directory and then move on to the absolute directory “/usr/bin” if there isn’t one. The issue being that if a user called “ls” and an attacker had created a “/bin” in the current directory, it could contain a version of ls that for instance deletes a bunch of files.

Is this on the right track or am I misunderstanding the PATH notation?

Solution :

PATH=”.:/bin:/usr/bin”

You are misundestanding the notation, the colons are seperators, so this will check in the following places (in order)

  1. “.” the current directory
  2. “/bin” typically the place where critical binaries are stored
  3. “/usr/bin” typically the place where less critical binaries are stored

Having “/bin” and “/usr/bin” on the path is perfectly normal.

having “.” on the path, especially as the first place to search is dangerous because the current directory will often be a directory that can be written by one or more other users. Those users can create files in the directory which you are likely to inadvertantly execute (for example by creating a file called “ls”) giving them the ability to get their code executed by your user.

Leave a Reply

Your email address will not be published.