Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Why Do You Need the Explicit Pathname to Execute?
Top Forums UNIX for Dummies Questions & Answers Why Do You Need the Explicit Pathname to Execute? Post 302737819 by sudon't on Thursday 29th of November 2012 07:34:36 PM
Old 11-29-2012
Quote:
Originally Posted by sudon't
Ok, I kinda get that it might be about having executables in permissions protected directories, but if all you need to do is use the absolute pathname, it doesn't seem like much security.
Quote:
In fact this makes for an awful lot of security
I should have been a bit more specific. What I meant here, we were speaking of an executable that would be sitting somewhere outside of my PATH, in my working directory, needing the explicit pathname to execute. I was wondering why I have to type that dot-slash to execute something in my working directory, when it's not needed to give the same file as an argument to a command.
The thing that surprises me, is that bash says "command not found," when it had no trouble finding the file only a moment before.
If I may borrow from your example, someone who gained access to my account might look around and see the little innocuous scripts I'm writing, replace one of them with your malicious script, giving it the same name as one of mine. There's nothing stopping me from executing it, except typing dot-slash.
In that sense, I don't see how having to type the explicit path for executables in my working directory, (dot-slash), gives anymore real security than not having to. Is there a reason one has to do that to execute a file?

Quote:
An even better idea would be to: make /usr/local/bin writable only by root.
It looks like it's already set up like that. Well, wheel can write. That's root and admin, right? I know I have to authenticate to write to it.
Code:
$ ls -l /usr/local |grep [^s]bin
drwxrwxr-x  50 root  wheel  1700 Nov 17 16:08 bin

 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

find without pathname

How can I get the results of a find back without the pathname for example if i do find ../../ -name \*.sql i dont want to see directory/directory/filename.sql I only want to see filename.sql (3 Replies)
Discussion started by: MBGPS
3 Replies

2. Shell Programming and Scripting

Getting pathname variables with ksh

With C Shell you can get the root, head, tail and extension of a pathname by using pathname variable modifiers. Example Script: #! /bin/csh set pathvar=/home/WSJ091305.txt echo $pathvar:r echo $pathvar:h echo $pathvar:t echo $pathvar:e The result of executing this script is: ... (7 Replies)
Discussion started by: BCarlson
7 Replies

3. UNIX for Advanced & Expert Users

connection to localhost:10.0 host broken (explicit kill or server shutdown)

Hi All, We use tomcat web server and it will get terminated with below error: connection to localhost:10.0 host broken (explicit kill or server shutdown) Please let me know how to fix this error. (5 Replies)
Discussion started by: bache_gowda
5 Replies

4. UNIX for Dummies Questions & Answers

finding pathname for directory

Hi Could someone help me? I'm not sure how to find the full pathname of a directory. I just want to be able to specify a directory. e.g directory1/directory2/directory3/directory4/directory5 I want to be able to put in "directory5" and then i want a return of the full address. ... (3 Replies)
Discussion started by: shomila_a
3 Replies

5. Cybersecurity

IPF pass in connection to port 21 even with no explicit rule

I'm running IPF on solaris 10 bash-3.00# ipf -V #display ipf version ipf: IP Filter: v4.1.9 (592) Kernel: IP Filter: v4.1.9 Running: yes Log Flags: 0 = none set Default: pass all, Logging: available Active list: 1 Feature mask: 0x107 with the following rules bash-3.00# ipfstat -o -i... (0 Replies)
Discussion started by: h@foorsa.biz
0 Replies

6. AIX

X connection to localhost:10.0 broken (explicit kill or server shutdown)

I want to run applet on AIX 6 machine. I already have setup $DISPLAY variable for putty session by selecting X11 option. I got below error for any X related commands (xclock, X, applet viewer ) X connection to localhost:10.0 broken (explicit kill or server shutdown). Please can anyone... (0 Replies)
Discussion started by: kailas.girase
0 Replies

7. Shell Programming and Scripting

Perl : Global symbol requires explicit package name Error while executing

I have executed the below perl script for copying the file from one server to another server using scp. #!/usr/bin/perl -w use Net::SCP::Expect; use strict; $server= "x.x.x.x"; my $source = "/mypath/mypath"; my $destination = "/home/"; print "Login...Starting scp..."; $user="admin";... (1 Reply)
Discussion started by: scriptscript
1 Replies

8. Shell Programming and Scripting

SSH shell script to access FTP over explicit TLS/SSL

Hello, I use the following SSH script to upload *.jpg files via FTP: #!/usr/bin/expect set timeout -1 spawn ftp -v -i expect "" send "\r" expect "Password:" send "\r" expect "ftp>" send "mput *.jpg\r" expect "ftp>" send "quit\r" replaced with actual ftp server/account data. ... (5 Replies)
Discussion started by: mrpi007
5 Replies

9. IP Networking

Add explicit route

Add explicit route to 10.128.255.41/32 , gateway: 10.128.201.254 if not working, please try gateway through management port: 10.128.55.254 Just want to double confirm if this would be the correct command #route add -net 10.128.255.41/32 10.128.201.254 And if didnt work #route add... (1 Reply)
Discussion started by: Thilagarajan
1 Replies

LEARN ABOUT DEBIAN

aa-easyprof

AA-EASYPROF(8)							     AppArmor							    AA-EASYPROF(8)

NAME

       aa-easyprof - AppArmor profile generation made easy.

SYNOPSIS

       aa-easyprof [option] <path to binary>

DESCRIPTION

       aa-easyprof provides an easy to use interface for AppArmor policy generation. aa-easyprof supports the use of templates and policy groups
       to quickly profile an application. Please note that while this tool can help with policy generation, its utility is dependent on the
       quality of the templates, policy groups and abstractions used. Also, this tool may create policy which is less restricted than creating
       policy by hand or with aa-genprof and aa-logprof.

OPTIONS

       aa-easyprof accepts the following arguments:

       -t TEMPLATE, --template=TEMPLATE
	   Specify which template to use. May specify either a system template from /usr/share/apparmor/easyprof/templates or a filename for the
	   template to use. If not specified, use /usr/share/apparmor/easyprof/templates/default.

       -p POLICYGROUPS, --policy-groups=POLICYGROUPS
	   Specify POLICY as a comma-separated list of policy groups. See --list-templates for supported policy groups. The available policy
	   groups are in /usr/share/apparmor/easyprof/policy. Policy groups are simply groupings of AppArmor rules or policies. They are similar
	   to AppArmor abstractions, but usually encompass more policy rules.

       -a ABSTRACTIONS, --abstractions=ABSTRACTIONS
	   Specify ABSTRACTIONS as a comma-separated list of AppArmor abstractions. It is usually recommended you use policy groups instead, but
	   this is provided as a convenience. AppArmor abstractions are located in /etc/apparmor.d/abstractions.  See apparmor.d(5) for details.

       -r PATH, --read-path=PATH
	   Specify a PATH to allow owner reads. May be specified multiple times. If the PATH ends in a '/', then PATH is treated as a directory
	   and reads are allowed to all files under this directory. Can optionally use '/*' at the end of the PATH to only allow reads to files
	   directly in PATH.

       -w PATH, --write-dir=PATH
	   Like --read-path but also allow owner writes in additions to reads.

       -n NAME, --name=NAME
	   Specify NAME of policy. If not specified, NAME is set to the name of the binary. The NAME of the policy is often used as part of the
	   path in the various templates.

       --template-var="@{VAR}=VALUE"
	   Set VAR to VALUE in the resulting policy. This typically only makes sense if the specified template uses this value. May be specified
	   multiple times.

       --list-templates
	   List available templates.

       --show-template=TEMPLATE
	   Display template specified with --template.

       --templates-dir=PATH
	   Use PATH instead of system templates directory.

       --list-policy-groups
	   List available policy groups.

       --show-policy-group
	   Display policy groups specified with --policy.

       --policy-groups-dir=PATH
	   Use PATH instead of system policy-groups directory.

       --author
	   Specify author of the policy.

       --copyright
	   Specify copyright of the policy.

       --comment
	   Specify comment for the policy.

EXAMPLE

       Example usage for a program named 'foo' which is installed in /opt/foo:

	   $ aa-easyprof --template=user-application --template-var="@{APPNAME}=foo" --policy-groups=opt-application,user-application
	   /opt/foo/bin/FooApp

BUGS

       If you find any additional bugs, please report them to Launchpad at <https://bugs.launchpad.net/apparmor/+filebug>.

SEE ALSO

       apparmor(7) apparmor.d(5)

AppArmor 2.7.103						    2012-07-16							    AA-EASYPROF(8)
All times are GMT -4. The time now is 08:23 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy