On Sat, 21 Nov 1998, Cacaio Torquato wrote: > Just FYI: > > As I have seen in Slackware 3.4 CD-Rom, these two entries are also in the > default PATH. > > Maybe this entrie is also included in the default PATH of other versions of > Slackware. As far as I can remember, "/usr/andrew" and "." have been in the PATH on every version of Slackware I have ever installed. Which probably meants its even in pre 2.0 releases. While the presence "/usr/andrew" is (in most cases) nothing more than "clutter", having "." is your path is a very common mistake admins make. Mainly because people can be to lazy to type ./configure when installing packages. As previously mentioned, this can is used by the common script kiddie to easily make a suid shell or other 4xxx toy for himself. Many a machine has been cracked by someone inserting a script named "ls" in the /tmp dir. Also, there are hooks in various Slackware startup scripts (ie: /etc/rc.d/rc.inet2) to startup various daemons that are not installed by default. The first one that comes to mind is sshd. While this is not a security risk (as it only looks to the dirs "/usr/sbin" and "/usr/local/sbin"). I may be mistaken (Its kinda late here.. heh), but I can sware that it is not commented out by default. As I said, not a blatent security risk, but if you have sshd installed, but don't want it to run.. You may want to comment that out. (And if you don't use ssh/scp, you should..) ... . Nick Levay . rattleat_private . "There are two major products that come out of Berkeley: LSD and UNIX. . We do not believe this to be a coincidence."
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:27:14 PDT