"Linux Gazette...making Linux just a little more fun!"


More 2¢ Tips!


Send Linux Tips and Tricks to [email protected]

New Tips ] [ Answers to Mail Bag Questions ]


"." in root's path is unsafe!! (was: a.out binaries not working)


Date: Sat, 12 Jun 1999 14:58:28 -0400
From: "Peter V. Inskeep"

In Linux Gazette, Issue # 42, I provided an answer to the question of getting an a.out binary to run. I suggested that typing "./a.out" (sans quotes) would do the trick. I went on to suggest that the "current directory" be added to the path to avoid the bother of typing ./ before the name of the binary to be run.

Several have written to me to point out that adding ./ to the path is not good practice from a security viewpoint. Therefore, I urge anyone who has added the ./ to their path after reading my answer, remove it. Instead, just get in the practice of typing ./myprogramname when one wants to run a binary in the current directory.

I'd like to take this opportunity to thank Alex B., Art W., and Pete in the UK for taking the time to write me notes explaining the pitfalls of putting dot slash (./) in one's PATH. This is especially true for root, but apparently not good practice for anyone. As I understand it, a transgressor could easily put a program with evil intentions, but with a common name, such as "ls," in one of your commonly used directories. Next time you type ls on the command line, the evil program is run rather than the ls directory display program. This is so if one had modified one's PATH to include ./. If one had to include ./ in one's path, make sure it is at the end of the PATH statement.

Thanks for giving me this opportunity to correct the bad information I presented. Also, thanks again to those who took the time to write to me to explain the consequences of adding ./ to the PATH statement.

Pete, NO2D

Date: Thu, 10 Jun 1999 13:19:05 +0100
From: Pat Neave

> Try running the a.out binary with the command line: ./a.out I recently
> installed RedHat 5.2 and found that its $PATH statement does not include
> a path of " ./: " ./ is the path of the current directory that you are
> in. Remarkably, RedHat does not set up paths so that your current path 
> is looked at to execute a file. 

There is a good reason for RedHat (and hopefully all the Linux distributers) not to include '.' in your PATH. Its a security risk. Now, you may be OK on a non-networked system but I don't think it is a good habit to get into. The following is quoted from the Path Mini HOWTO:

12. Security concerns

The path is sometimes a big security problem. It is a very common way to hack into a system using some mistakes in path settings. It is easy to make Trojan horse attacks if hacker gets root or other users to execute his versions of commands.

A common mistake in the past (?) was to keep '.' in the root's path. Malicious hacker makes program 'ls' in his home directory. If root makes

	     # cd ~hacker
	     # ls
	
he executes ls command of hacker's.

--
Pat

Date: Mon, 14 Jun 1999 19:31:48 +0100
From: Jeffrey Voight

If you find it absolutely necessary to include . in your path, at least put it as the last entry in your path so that the system binaries are searched before '.' is.

Date: Tue, 15 Jun 1999 10:34:52 +0100

From: Alexander Thorp, [email protected]

Peter Inskeep writes:

"Remarkably, RedHat does not set up paths so that your current path is looked at to execute a file", i.e. does not include the directory . in $PATH."

This would only be remarkable to a DOS user. The inclusion of . in $PATH exposes the user to trojan horses. It should never appear in root's $PATH, and I don't like it in mine either.

Alex Thorp

(This is a sample of many letters received on the dangers of '.'. I don't use it in the root path, but I like in my path. :) --Ed.)


More Vi .exrc stuff


Date: Wed, 9 Jun 1999 15:18:11 -0400 (EDT)
From: Matt Boutet

When setting up you .exrc file for vi you can use the map command to map the function keys in addtion to the few unassigned 'normal' keys. Example:

	map #1 :set nu
this makes F1 turn line numbering on.

Matt


gzipping TWHT-1 (unzipping UNIX files on Windows)


Date: Fri, 25 Jun 1999 10:24:41 +0530
From: "Nagesh S K"

I am using winzip for windows from http://www.winzip.com this can handle various zip formats including gz,tar,zip,ajr etc. hope this helps.

Subject: Linux / Windows

Date: Tue, 29 Jun 1999 17:22:36 +0200

From: Peter Van Rompaey

maybe you already know this, but .tar and .gz files can be unpacked under Windows using Winzip 7

All the README-files (and every other plain-text file for that matter) can be opened with Notepad/Wordpad.

Also, if you use a Windows filesystem on you floppies ( vfat ), you can read 'em under Windows, but you can also mount them RW on any linux which has vfat support compiled into the kernel (most distributions have, trust me :-)

If you use StarOffice 5, then you can use Office 97 files to exchange data, cuz SO5 uses an O97-compatible file format.

Hope this helps ya and feel free to DMAL for comments/questions,

greetz,
Blacky
Undernet - #Supportline #Groningen


Deleted web pages


Date: Thu, 3 Jun 1999 15:02:06 +0200
From: "Martin Skjoldebrand"

This is not exclusively a Linux trick of course but here it goes:

If you've changed your web site structure and thereby removed a previous entry page (the first page a visitor comes to) which may have links to it you could link that page to your current entry page.

I removed my foreword.htm some time ago and later found a stale link on a foreign page leading to the missing page. So I simply created a link to my current toc.html. Now whenever someone follows the original link, instead of getting a 404 they get the toc.html.

HTH someone ...
M.


Make modem ignore funny dial tones


Date: Fri, 4 Jun 1999 14:24:18 -0400 (EDT)
From: Matt Willis On my telephone line, I have voice mail. The dialtone is different when there is a message waiting. This causes my modem (USR 56k) to get confused and quit, saying "No dialtone". Effectively, this breaks any automated dialup routines, such as a cron daemon to fetch mail in the middle of the night. To ignore dial tones, I added ATX3 to my modem codes:
#!/bin/sh
#
# This is part 2 of the ppp-on script. It will perform the connection
# protocol for the desired connection.
#
exec /usr/sbin/chat -v                                          \
        TIMEOUT         23                              \
        ABORT           '\nBUSY\r'                      \
        ABORT           '\nNO ANSWER\r'                 \
        ABORT           '\nRINGING\r\n\r\nRINGING\r'    \
        ''              ATZ                     \
        'OK'            ATL0M0                  \
        'OK'            ATX3 \
        'OK-+++\c-OK'   ATH0                    \
        TIMEOUT         50                              \
        OK              ATDT$TELEPHONE          \
        CONNECT         ''                              \
        rname:--rname:  $ACCOUNT                        \
        assword:        $PASSWORD


Tips in the following section are answers to questions printed in the Mail Bag column of previous issues.


ANSWER: Network boot disk for i386 without hd


Date: Fri, 4 Jun 1999 11:13:43 +0100
From: Wim Lemmers

http://www.psychosis.com/linux-router/

Hi, I think this comes close to what you're looking for.

wim


ANSWER: Question about 2 GB max?


Date: Fri, 4 Jun 1999 18:33:15 -0400
From: "Steven G. Johnson" Deirdre Saoirse wrote in the June $0.02 tips:
Traditionally, there has been a 2GB partition size limit (not just a FILE size limit) on PowerPC Linux partitions. I don't know if that will continue to be true with newer versions but it is true of LinuxPPC up to revision 4 and DR3 of MkLinux. I haven't checked if there's a YellowDogLinux specific answer however.

This is no longer true for LinuxPPC (including revision 4) or YDL, although it's still true for MkLinux. The partition limit was due to a kernel problem that disappeared somewhere in the 2.1.x series...use a 2.2.x kernel and you'll be fine. (I am using a 4GB partition quite happily with LinuxPPC R4 right now, with an uptime of several months.)

Cordially,
Steven G. Johnson

Date: Fri, 4 Jun 1999 18:37:26 -0400

From: "Steven G. Johnson"

Whoops, I read further in your June 2 cent tips, and I see that someone else has already replied to her message...although they claim the problem is with e2fsprogs, which I didn't touch on my machine. (Although perhaps there was an upgraded version in the installer image that I downloaded along with the new kernel.)


ANSWER: FTP access methods


Date: Sat, 05 Jun 1999 13:27:44 +0200
From: Ben De Rydt Subject: RE: FTP access methods
And I finally have a good question: In both Window$ and O$/2 I had apps that would treat ftp sites as folders (directories). It worked real well with keeping data in sync off-site. Is there a tool that will allow an FTP site to be mounted under Linux? It seems fairly useful to me, but freshmeat and other resources turned up nada.

Midnight Commander allows you to show an FTP-site in one pane and your local file system in the other. You can acces the FTP-site like you would a local directory (i.c. F5: copy, F6: move/rename, etc...)

Greetings,
Ben


ANSWER: Any inetd wizards out there?


Date: Mon, 14 Jun 1999 18:26:16 +0200
From: Ton Nijkes

On Mon, 03 May 1999 16:33:32 -0500, Pete wrote:

I have been digging for the past several months to try and find any way to bind inetd to one IP / interface. I have a machine with several virtual hosts, and had originally intended for only the main IP / interface to respond to telnet, ftp, etc. The virtuals would only respond via httpd. Unfortunatly, this doesn't seem to be the way it's working - not only can I telnet / ftp to all addresses, it seems like every inetd connection shows up on the LAST IP interface for some reason.

I've looked thru manpages, NAG, websites, and while I know a lot more than when I started looking, I was never able to solve this binding problem.

Anyone have the answer?

Pete,

I think the tcp wrapper daemon (tcpd) should do the trick. In /etc/hosts.allow and /etc/hosts.deny you can use constructs like daemon@host that will accomplish what you need (sort of).

Try:

      man tcpd
      man 5 hosts_access (look for 'SERVER ENDPOINT PATTERNS')

Greetings,
Ton.


ANSWER:


Date: Sun, 27 Jun 1999 14:43:43 -0800
From: Ramon Gandia Subject: Direct Win05-Linux connection

[email protected] wrote in LG #42:

Just read issue 41 and read the great article about direct cable connections between Win95 and Linux, I tried implementing this method but came across a couple of problems running Windows 98. (4.10.1998)

I can get terminal emulation (using HyperTerminal) running at 38400 baud but 115200 crashes at the password prompt. (115200 works with xon/xoff using kermit as the terminal program).

Can't figure out how to get Windows to dial out over the serial line as in your article. I tried creating a new modem using the modems wizard in the control panel using 'standard serial between 2 PC's' and it goes through the process reporting success at the end but no device appears anywhere.

The problem is in Win95/98. It does not come with a null modem driver. Windows assumes that you are using a REAL modem complete with AT commands, etc. If all you have is a null serial cable between the Win95 box and the Linux PPP server, then Win95 cannot be used because it cannot be set up unless you use a modem and a phone line.

However, there IS a null modem driver. You install this driver by copying it to c:\WINDOWS\INF (a hidden directory). You can then install a new modem. Select not to detect, but you will pick it from a list. When you get to the list, it will be at the top of the list of manufacturers, and you can select the generic null modem driver.

This driver has been around the internet for years, but I have put it up on my ftp server. ftp://ftp.nook.net/pub/unix/mdmcisco.inf

I have no problem then using my Win95 computers with terminal servers such as my Livingstons. It works a LOT faster than using a Modem, and communications is typically 115,200.

--
Ramon Gandia ================= Sysadmin ================ Nook Net
http://www.nook.net [email protected]


Published in Linux Gazette Issue 43, July 1999


[ TABLE OF 
CONTENTS ] [ FRONT PAGE ]  Back  Next


This page maintained by the Editor of Linux Gazette, [email protected]
Copyright © 1999 Specialized Systems Consultants, Inc.