Posted on 08-19-2021 01:30 PM
Hey there, I checked the boards but couldn't find a consensus.
Does anyone know if custom scripts default to a certain working directory? I ask because I'm trying to gauge the importance of absolute paths when doing binary calls to the "jamf" or "scutil" binaries. If a shell starts in a user's home folder for these scripts, then theoretically if I were to make binaries called "jamf" or "scutil" that did less than helpful things (or daresay even malicious things), would that create a path vuln or does jamf know that aliases are called and defaults to whatever the system is set to previously? I know this all seems moot because the rule is ALWAYS USE ABSOLUTE PATHS, but as a curious mind and an infosec enthusiast I was just curious if Jamf had any protections for that already in place.
Anyway, really loving this community of Apple nerds and look forward to the discourse. If this post is completely asinine or naive, I do apologize. I am but a poor script noob and am trying to learn. Thanks in advance.
08-20-2021 12:02 AM - edited 08-20-2021 12:05 AM
I ran the following in a policy:
#!/bin/zsh
pwd > /var/tmp/pwd.txt
exit 0
and the contents of /var/tmp/pwd.txt were the path to my home directory.
Posted on 08-20-2021 06:53 AM
As I had guessed. So it seems if I had an end-user who was clever enough to create binaries with names identical to the ones we call in our scripts then they could ultimately do some damage.
Posted on 08-20-2021 06:40 PM
Interesting concept but you would have to modify $PATH for root as that is the context the script runs in.
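The thread turns on how a bare command name is resolved: the shell walks $PATH, and the working directory is only searched when $PATH has an empty, "." or other relative entry. The check below is an added example, not code from any poster or from Jamf; the helper name audit_path and the pinned PATH value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). audit_path is a hypothetical helper.
# Prints each PATH entry that lets command lookup reach a location an
# unprivileged user may control; returns 1 if any such entry was found.
audit_path() {
    ap_unsafe=0
    ap_rest="$1:"          # trailing colon keeps a final empty entry visible
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}
        ap_rest=${ap_rest#*:}
        case $ap_entry in
            '') echo "empty entry: resolves to the working directory"
                ap_unsafe=1 ;;
            /*) # Absolute: still unsafe if anyone can write into it
                if [ -d "$ap_entry" ]; then
                    ap_perms=$(ls -ldL "$ap_entry" 2>/dev/null) || ap_perms=''
                    case $ap_perms in
                        ????????w*) echo "world-writable: $ap_entry"
                                    ap_unsafe=1 ;;
                    esac
                fi ;;
            *)  echo "relative entry: $ap_entry"
                ap_unsafe=1 ;;
        esac
    done
    return "$ap_unsafe"
}

# Typical use at the top of a policy script: report what the script inherited,
# then pin PATH to system directories (constructed value; adjust as needed).
# Binaries that live elsewhere are then called by absolute path.
audit_path "$PATH" || echo "PATH needs review before calling bare commands" >&2
PATH=/usr/bin:/bin:/usr/sbin:/sbin
export PATH
```
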