Quoting steven mestdagh <[EMAIL PROTECTED]>:

> On Mon, Nov 28, 2005 at 04:30:25PM +0100, Said Outgajjouft wrote:
> > >$ENV{'PATH'} = "/sbin:/bin:/usr/sbin:/usr/bin";
> > >
> > >and that is where pwd_mkdb will be found.
> > >
> > >
> > Hmm that doesn't answer my question.
> > The answer I am looking for could be one of the following.
> >
> > 1. The PATH environment is local to the process and cannot be tampered
> >    with.
> >
> > 2. The PATH environment is global but if someone can tamper with it
> >    you are screwed anyway so it doesn't matter that the pwd_mkdb is
> >    called using a relative path.
> >
> > 3. The PATH environment, however very slim, can be tampered with so
> >    adduser instead calls /evilfiles/pwd_mkdb, then adding an absolute
> >    path sounds like something that should be done.
>
> $ENV is inherited from the parent process, but $ENV{'PATH'} is set
> explicitly inside the script, so it will have the desired value
> mentioned above.

The script is not designed to be run by anyone other than root,
which is a good idea since it's interactive and tainting is not enabled.

If you really need to add users as part of running a privileged binary
as an unprivileged user, you should use/make an API for this.

passwd(5) is a good place to start looking.

PS: There are many more things than $PATH to worry about.

Kind regards,
Jimmy Scott
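
Added example, not part of the original messages and not code from adduser: a shell sketch of the point discussed in this thread, showing where a bare `pwd_mkdb` resolves under an inherited PATH versus a PATH pinned inside the script, plus a basic audit of PATH components. The function names `resolve_under` and `path_is_safe`, the temporary directories standing in for /sbin and /evilfiles, and the empty stub files are all assumptions made for the demo.

```shell
#!/bin/sh
# Added example with constructed data: inherited PATH vs. a PATH pinned in-script.

# Print the file a bare command name ($2) resolves to under PATH value $1.
# Nothing is executed; `command -v` only performs the lookup.
resolve_under() {
    ( PATH="$1"; command -v "$2" )
}

# Return 0 only if every PATH component is absolute and, where the directory
# exists, not writable by group or others. Empty components mean the current
# directory and are rejected. Parent directories are not checked here.
path_is_safe() {
    case "$1" in ""|:*|*:|*::*) return 1 ;; esac
    old_ifs=$IFS; IFS=:; set -f
    set -- $1                       # split the PATH value on ':'
    set +f; IFS=$old_ifs
    for dir in "$@"; do
        case "$dir" in /*) ;; *) return 1 ;; esac   # relative entry
        [ -d "$dir" ] || continue                   # nonexistent: skipped
        case "$(ls -ldL "$dir")" in
            ?????w*|????????w*) return 1 ;;         # group/other write bit
        esac
    done
    return 0
}

# Constructed sandbox: $demo/sbin stands in for a trusted system directory,
# $demo/evilfiles for a directory someone else can write to.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/sbin" "$demo/evilfiles"
chmod 755 "$demo/sbin"; chmod 777 "$demo/evilfiles"
for d in sbin evilfiles; do
    printf '#!/bin/sh\n' > "$demo/$d/pwd_mkdb"      # empty stub, never run
    chmod 755 "$demo/$d/pwd_mkdb"
done

INHERITED="$demo/evilfiles:$demo/sbin"   # PATH handed over by the parent
PINNED="$demo/sbin"                      # PATH the script sets for itself

echo "inherited PATH resolves pwd_mkdb to: $(resolve_under "$INHERITED" pwd_mkdb)"
echo "pinned PATH resolves pwd_mkdb to:    $(resolve_under "$PINNED" pwd_mkdb)"
if path_is_safe "$INHERITED"; then echo "inherited PATH passes audit"
else echo "inherited PATH fails audit"; fi
```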
