My lab sheet says that if the $PATH in root has a trailing “.”, it is likely that an attacker can gain superuser access by forcing an admin to operate as root to execute some malicious program. I don't understand this at all! Can someone explain to me what the above sentence means? And how do I remove the “.”?
echo $PATH
/usr/sbin:/usr/bin:/usr/openwin/bin:/usr/ucb:.
This is in Solaris 10 btw.
In your ~/.profile file or maybe in your ~/.bashrc file (By ~/ I mean your home directory)
Now you have removed the trailing .
BTW: /usr/xpg4/bin has more modern versions of commands like awk – you may want to put it in your PATH variable before /usr/bin unless you were instructed to keep your PATH as is.
What the statement refers to is this:
Suppose the bad guys corrupted some executable file. One that lives in an application directory.
If you cd to that directory and then typed the name of the bad file it would run. And you might not know it happened. Maybe the file sends masses of email all over the world. Or places a worm in some other executable file in your home directory. You get the idea.
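Added example, not part of the original posts: a small check-and-fix for the PATH shown in the question. It also catches empty entries (a leading or trailing ":" or a "::"), which the shell treats the same as "."; the function names are made up for this example, and it assumes a POSIX shell such as bash or ksh.

```sh
#!/bin/sh
# Added example: detect and strip current-directory entries from a PATH string.
# Function names (path_has_cwd, clean_path) are hypothetical helpers.

# Return 0 if the given PATH string contains ".", "./" or an empty entry.
# Wrapping the value in colons lets one pattern cover first, middle and last.
path_has_cwd() {
    case ":$1:" in
        *::*|*:.:*|*:./:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the given PATH string with ".", "./" and empty entries removed,
# keeping every other entry in its original order.
clean_path() {
    rest="$1:"          # sentinel colon so the last entry is processed too
    out=""
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # text after the first colon
        case "$entry" in
            ""|.|./) continue ;;   # drop current-directory entries
        esac
        out="${out:+$out:}$entry"
    done
    printf '%s\n' "$out"
}

# The PATH value from the question, used here as sample input.
sample='/usr/sbin:/usr/bin:/usr/openwin/bin:/usr/ucb:.'

if path_has_cwd "$sample"; then
    echo "unsafe: $sample"
    echo "fixed:  $(clean_path "$sample")"
fi
```

To apply it to a live session, set PATH from the output, for example PATH=$(clean_path "$PATH"), and put the same correction in the startup file that adds the "." in the first place.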