Understanding Path Security
The possibility—however remote it may be—exists that someone could plant a trojaned version of some system utility on your system, and then manipulate a user’s PATH setting so that the trojaned utility would be invoked instead of the real one. The trojaned utility could do a variety of nasty things, such as exfiltrating sensitive data or performing a ransomware attack by encrypting important files.
Before I show you a script, let’s see how this looks on the command line. Let’s begin by finding where the executable file for the normal ls command is located:
donnie@fedora-server:~$ which ls
alias ls='ls --color=auto'
/usr/bin/ls
donnie@fedora-server:~$
We see that it’s located in the /usr/bin/ directory, as it should be. Now, let’s create a bogus ls, in the form of a script, and place it into the /tmp/ directory. Here’s the ls script:
#!/bin/bash
echo "This is a trojaned...
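To check a system for the PATH weakness described above, here is an added example (not code from the original text) that flags risky PATH entries and lists every copy of a command in search order, so a copy that shadows the real one stands out. The function names audit_path and list_candidates are hypothetical, and GNU stat is assumed.

```bash
#!/bin/bash
# Added example (not from the original text): audit a PATH value for entries
# that would let a planted file shadow a real utility.
# Assumption: GNU stat, as found on the Fedora host in the session above.

# Print one finding per risky entry in the PATH value given as $1.
audit_path() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r entry; do
        case "$entry" in
            /*) ;;
            # Empty and relative entries resolve against the current directory.
            *)  echo "RELATIVE: '$entry'"; continue ;;
        esac
        [ -d "$entry" ] || continue
        # -L follows symlinks such as /bin -> usr/bin instead of reporting 777.
        perms=$(stat -L -c '%a' -- "$entry") || continue
        # Group- or world-writable: other local users can drop files here.
        if [ $(( 0$perms & 022 )) -ne 0 ]; then
            echo "WRITABLE: $entry (mode $perms)"
        fi
    done
}

# Print every executable named $1 along the PATH value $2, in search order.
# The first line is what the shell would run; any later lines are shadowed.
list_candidates() {
    printf '%s\n' "$2" | tr ':' '\n' | while IFS= read -r entry; do
        [ -n "$entry" ] || entry="."
        if [ -f "$entry/$1" ] && [ -x "$entry/$1" ]; then
            echo "$entry/$1"
        fi
    done
}

# Audit the current environment.
audit_path "$PATH"
list_candidates ls "$PATH"
```

If list_candidates prints more than one line for a command, the first line should be the copy in the expected system directory, such as /usr/bin/ls here.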