[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Taper

To: sheflug [at] vuw.ac.nz
Subject: RE: Taper
From: "Stephen J. Turnbull" <nospam [at] sk.tsukuba.ac.jp>
Date: Thu, 20 Apr 2000 16:05:40 +0900 (JST)
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Reply-to: sheflug [at] vuw.ac.nz
Sender: sheflug-bounce [at] vuw.ac.nz

>>>>> "ps" == Paul Sims <psims [at] lombard.co.uk> writes:

    ps> The advice is snipped direct from the FAQ.

Which FAQ?  Taper's?  Do you believe every hack you read about in a
FAQ is a good idea?  It is really common for application programmers
to subvert best practice in favor of convenience.  In this case it's
OK as far as I can tell, as I already said; I just wanted to point out
that as a general matter it's not a good idea to subvert PATH
restrictions, especially if you don't understand the rationale.  And
when you do so, you should leave a trace behind so that you or another
admin will be able to figure out that was done.

Furthermore, it's a simple solution with obvious generalization to
similar situations; but those might involve security or administrative
problems.

A classic example of this is the default setting of SEARCH_HERE_FIRST
in Ghostscript.  From the 6.01 Makefile (I first bitched about this in
Ghostscript 2.4.1, btw, and Peter gave me a clearly well-rehearsed
response very similar to the comment, so I was by no means the first):

# Define whether or not searching for initialization files should always
# look in the current directory first.  This leads to well-known security
# and confusion problems, but users insist on it.
# NOTE: this also affects searching for files named on the command line:
# see the "File searching" section of Use.htm for full details.
# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.

SEARCH_HERE_FIRST=1

I have actually seen a personal data retrieval exploit for this,
packaged as initialization code in a PDF file.  (It was constructed by
one of the "good guys," not found in the wild.)  I think you might be
able to find it on CERT somewhere, but I don't remember where I saw
it.

Once again, the security argument doesn't apply to taper, as I already
pointed out indirectly.  There's no real reason not to move stuff
between bin and sbin on an FHS-conformant system.  But that might not
be true where the admin wanted to try to enforce "security through
obscurity".


-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

References:
- RE: Taper
  - From: "Paul Sims" <psims [at] lombard.co.uk>

Prev by Date: RE: Taper
Next by Date: Re: More on Kpackage
Prev by thread: RE: Taper
Next by thread: ppp deamon
Index(es):
- Date
- Thread