[8954] in bugtraq
Re: PATH variable in zip-slackware 2.0.35
daemon@ATHENA.MIT.EDU (Karl Stevens)
Tue Jan 5 13:37:01 1999
Date: Tue, 5 Jan 1999 07:34:16 -0700
Reply-To: Karl Stevens <schon@INAME.COM>
From: Karl Stevens <schon@INAME.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.05.9901030358310.253-100000@orbital.phreedom.org>
Have to comment here one last time:
On 02-Jan-99, kay wrote:
>> Actually, this is the default path for USERS, not for root (Slackware 3.4,
>> 3.5, 3.6) The default path for root is
>> /usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
>
> This is not true. This is output from a clean Slackware 3.6:
Well, it's true on ALL of my systems (14 to date) :
schon:~$ echo $PATH
/usr/local/bin:/bin:/usr/bin:/usr/X11/bin:/usr/andrew/bin:/usr/openwin/bin:/usr/
games:.
schon:~$ su
Password:
schon:/home/karl# echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
> A quick look through the init scripts reveals no distinguish whether they
> run as root, other privileged uid, or something.
Another quick look reveals this:
schon:/etc# grep 'ENV_SUPATH' /etc/login.defs
# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
ENV_SUPATH
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
>> The problem specified in the previous posts is only present in the zipslack
>> distribution.
>
> This is not true as well. If it was only present in zipslack noone would
> care. I personally wouldn't run a secure server on zipslack/umsdos.
It is true, as far as I have tested. 14 boxen with regular slackware vs.
the one zipslack from the original poster. (I emailed him to verify)
Granted there are problems with security on a default slackware install
(including ttyp's in /etc/securetty for one) I don't think this is
really one of them.. either that, or I'm doing something totally different
than you are during install.
-Karl