On Sat, 2 Jan 1999, Steven Alexander wrote: > I recently downloaded the zip disk version of slackware 2.0.35 and I noticed > two entries that I didn't like in the default PATH: :/usr/andrew/bin > and :. > The directory /usr/andrew doesn't exist and shouldn't be included in the > default path. Also '.' should never be included in root's default path as > it gives the possibility that a user might place a trojan into a his/her > home directory or another user writeable directory. i.e.: placing a shell > script 'more' in their home directory that creates a SUID copy of bash > before executing 'more' . Anyway, placing '.' in your path is a bad idea. I will assume you are talking about the Slackware 3.6 distribution... The directory /usr/andrew/bin should contain the Andrew User Interface System packages. Those are from the Slackware contributed packages, slackware-3.6/contrib/auis63L4-*.tgz. Note that they are neither maintained or supported by Pat Volkerding but by their respective authors. It is not only zip-slack that contains those in the default PATH variable, this is found in /etc/profile: PATH="$PATH:/usr/X11R6/bin:/usr/andrew/bin:$OPENWINHOME/bin:/usr/games:." /etc/csh.login: set path = ( $path /usr/X11R6/bin /usr/andrew/bin $OPENWINHOME/bin/usr/games . ) Also the dot has been included in the path for all versions in the Slackware distribution I've worked with - 3.[456]. Probably it's the same with some older ones. The obvious workaround is just to remove those entries in system-wide scripts. > cheers, > Steve
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:27:16 PDT