Thread: Relative pathname for executable file
View Single Post
  #8 (permalink)  
Old 30-Jun-2009, 20:15
ken_yap ken_yap is offline
Flux Capacitor Penguin
  
Join Date: Jun 2008
Location: GMT+10
Posts: 5,230
ken_yap has a reputation to be proud ofken_yap has a reputation to be proud ofken_yap has a reputation to be proud ofken_yap has a reputation to be proud ofken_yap has a reputation to be proud ofken_yap has a reputation to be proud ofken_yap has a reputation to be proud ofken_yap has a reputation to be proud ofken_yap has a reputation to be proud ofken_yap has a reputation to be proud of
Default Re: Relative pathname for executable file
It's less risky but there is still the possibility to take advantage of typing mistakes. The user could plant a command which is close to an existing command, e.g. nestat, when root meant to type netstat. The nestat command would then silently grant the user root privileges (one way is to bless a command as root setuid), and then exit with "nestat not found". Nothing would seem amiss.
Reply With Quote