[8954] in bugtraq

home help back first fref pref prev next nref lref last post

Re: PATH variable in zip-slackware 2.0.35

daemon@ATHENA.MIT.EDU (Karl Stevens)
Tue Jan 5 13:37:01 1999

Date: 	Tue, 5 Jan 1999 07:34:16 -0700
Reply-To: Karl Stevens <schon@INAME.COM>
From: Karl Stevens <schon@INAME.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.4.05.9901030358310.253-100000@orbital.phreedom.org>

Have to comment here one last time:

On 02-Jan-99, kay wrote:
>> Actually, this is the default path for USERS, not for root (Slackware 3.4,
>> 3.5, 3.6) The default path for root is
>> /usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
>
> This is not true. This is output from a clean Slackware 3.6:

Well, it's true on ALL of my systems (14 to date) :

schon:~$ echo $PATH

/usr/local/bin:/bin:/usr/bin:/usr/X11/bin:/usr/andrew/bin:/usr/openwin/bin:/usr/
games:.
schon:~$ su
Password:
schon:/home/karl# echo $PATH

/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin

> A quick look through the init scripts reveals no distinguish whether they
> run as root, other privileged uid, or something.

Another quick look reveals this:

schon:/etc# grep 'ENV_SUPATH' /etc/login.defs
# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.

ENV_SUPATH
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin

>> The problem specified in the previous posts is only present in the zipslack
>> distribution.
>
> This is not true as well. If it was only present in zipslack noone would
> care. I personally wouldn't run a secure server on zipslack/umsdos.

It is true, as far as I have tested.  14 boxen with regular slackware vs.
the one zipslack from the original poster. (I emailed him to verify)

Granted there are problems with security on a default slackware install
(including ttyp's in /etc/securetty for one) I don't think this is
really one of them.. either that, or I'm doing something totally different
than you are during install.

-Karl

home help back first fref pref prev next nref lref last post