[8907] in bugtraq

home help back first fref pref prev next nref lref last post

PATH variable in zip-slackware 2.0.35

daemon@ATHENA.MIT.EDU (Steven Alexander)
Sun Jan 3 16:24:56 1999

Date: 	Sat, 2 Jan 1999 12:36:28 -0800
Reply-To: Steven Alexander <steve@CELL2000.NET>
From: Steven Alexander <steve@CELL2000.NET>
To: BUGTRAQ@NETSPACE.ORG

I recently downloaded the zip disk version of slackware 2.0.35 and I noticed
two entries that I didn't like in the default PATH:     :/usr/andrew/bin
and :.
The directory /usr/andrew doesn't exist and shouldn't be included in the
default path.  Also '.' should never be included in root's default path as
it gives the possibility that a user might place a trojan into a his/her
home directory or another user writeable  directory.  i.e.: placing a shell
script 'mroe' in their home directory that creates a SUID copy of bash
before executing 'more' .  Anyway, placing '.' in your path is a bad idea.

cheers,
Steve

home help back first fref pref prev next nref lref last post