[3124] in Release_Engineering
Re: NetProb ticket #831, bad path in default zwgc.desc
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Tue Nov 9 10:48:53 1993
Date: Tue, 9 Nov 93 10:49:09 EST
From: "Barry Jaspan" <bjaspan@security.ov.com>
To: probe@MIT.EDU
Cc: vrt@MIT.EDU, rel-eng@MIT.EDU
In-Reply-To: [3123]
From: probe@MIT.EDU
Date: Mon, 8 Nov 1993 12:50:31 -0500
This simply needs a path change in the source tree; in my Zephyr
sources, I do not bother specifying a path; I leave it to the PATH
environment. So, my recommendation is to change it to read: exec
"zmailnotify".
(Pardon me for butting in, but I seem not to have removed rel-eng from
my .meetings file. :-)
That solution makes my teeth itch. If I know a user logs in on a
certain machine often, and I know the user has locker X in PATH and
attaches locker X at login, I can log into the machine, attach some
other locker on /mit/X (like, say, my homedir), put a trojan-horse
zmailnotify in bin, and then wait for the user to log in.
Perhaps some detail about this precise attack wouldn't work, but I
still recommend an explicit path.
Barry
