[3127] in Release_Engineering
Re: NetProb ticket #831, bad path in default zwgc.desc
daemon@ATHENA.MIT.EDU (Richard Basch)
Tue Nov 9 15:24:30 1993
Date: Tue, 9 Nov 1993 15:24:13 -0500
To: "Barry Jaspan" <bjaspan@security.ov.com>
Cc: vrt@MIT.EDU, rel-eng@MIT.EDU
In-Reply-To: Barry Jaspan's message of Tue, 9 Nov 93 10:49:09 EST,
From: "Richard Basch" <basch@MIT.EDU>
Date: Tue, 9 Nov 93 10:49:09 EST
From: "Barry Jaspan" <bjaspan@security.ov.com>
From: probe@MIT.EDU
Date: Mon, 8 Nov 1993 12:50:31 -0500
This simply needs a path change in the source tree; in my Zephyr
sources, I do not bother specifying a path; I leave it to the PATH
environment. So, my recommendation is to change it to read: exec
"zmailnotify".
(Pardon me for butting in, but I seem not to have removed rel-eng from
my .meetings file. :-)
That solution makes my teeth itch. If I know a user logs in on a
certain machine often, and I know the user has locker X in PATH and
attaches locker X at login, I can log into the machine, attach some
other locker on /mit/X (like, say, my homedir), put a trojan-horse
zmailnotify in bin, and then wait for the user to log in.
Perhaps some detail about this precise attack wouldn't work, but I
still recommend an explicit path.
Yeah, a user would have to explicitly add locker X to his path prior to
his other lockers. "add" appends the locker to the path, so this attack
is highly unlikely to happen... (this is why "add" was made the way it
was).
-Richard
