Bugtraq mailing list archives
PATH variable in zip-slackware 2.0.35
From: steve () CELL2000 NET (Steven Alexander)
Date: Sat, 2 Jan 1999 12:36:28 -0800
I recently downloaded the zip disk version of slackware 2.0.35 and I noticed two entries that I didn't like in the default PATH: :/usr/andrew/bin and:. The directory /usr/andrew doesn't exist and shouldn't be included in the default path. Also '.' should never be included in root's default path as it gives the possibility that a user might place a trojan into a his/her home directory or another user writeable directory. i.e.: placing a shell script 'mroe' in their home directory that creates a SUID copy of bash before executing 'more' . Anyway, placing '.' in your path is a bad idea. cheers, Steve
Current thread:
- Re: Comparison of THC-SCAN v2.0 with Sandstorm PhoneSweep 1.02 Adam Maloney (Dec 31)
- ACC's 'Tigris' Access Terminal server security vunerability.. Robert Thomas (Jan 02)
- Re: ACC's 'Tigris' Access Terminal server security vunerability.. Patrik Backstrom (Jan 03)
- Re: Comparison of THC-SCAN v2.0 with Sandstorm PhoneSweep 1.02 Oliver Xymoron (Jan 02)
- PATH variable in zip-slackware 2.0.35 Steven Alexander (Jan 02)
- Re: PATH variable in zip-slackware 2.0.35 Cacaio Torquato (Nov 20)
- Re: PATH variable in zip-slackware 2.0.35 Rattle (Jan 04)
- Re: PATH variable in zip-slackware 2.0.35 Patrick J. Volkerding (Jan 04)
- Re: PATH variable in zip-slackware 2.0.35 bandregg () REDHAT COM (Jan 05)
- Re: PATH variable in zip-slackware 2.0.35 Cacaio Torquato (Nov 20)
- Re: PATH variable in zip-slackware 2.0.35 Karl Stevens (Jan 04)
- Re: PATH variable in zip-slackware 2.0.35 kay (Jan 02)
- Re: PATH variable in zip-slackware 2.0.35 Karl Stevens (Jan 05)
- Re: PATH variable in zip-slackware 2.0.35 kay (Jan 06)
- ACC's 'Tigris' Access Terminal server security vunerability.. Robert Thomas (Jan 02)
- l0phtcrack 2.5 released The Forlorn (Jan 04)