PATH variable in zip-slackware 2.0.35

From: Steven Alexander (steveat_private)
Date: Sat Jan 02 1999 - 12:36:28 PST

  • Next message: Missouri FreeNet Administration: "FreeBSD 2.2.5 Security problem" 

    I recently downloaded the zip disk version of slackware 2.0.35 and I noticed
two entries that I didn't like in the default PATH:     :/usr/andrew/bin
and :.
The directory /usr/andrew doesn't exist and shouldn't be included in the
default path.  Also '.' should never be included in root's default path as
it gives the possibility that a user might place a trojan into a his/her
home directory or another user writeable  directory.  i.e.: placing a shell
script 'mroe' in their home directory that creates a SUID copy of bash
before executing 'more' .  Anyway, placing '.' in your path is a bad idea.

cheers,
Steve

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:27:05 PDT