Bugtraq mailing list archives
Re: PATH variable in zip-slackware 2.0.35
From: schon () INAME COM (Karl Stevens)
Date: Tue, 5 Jan 1999 07:34:16 -0700
Have to comment here one last time: On 02-Jan-99, kay wrote:
Actually, this is the default path for USERS, not for root (Slackware 3.4, 3.5, 3.6) The default path for root is /usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/binThis is not true. This is output from a clean Slackware 3.6:
Well, it's true on ALL of my systems (14 to date) : schon:~$ echo $PATH /usr/local/bin:/bin:/usr/bin:/usr/X11/bin:/usr/andrew/bin:/usr/openwin/bin:/usr/ games:. schon:~$ su Password: schon:/home/karl# echo $PATH /usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
A quick look through the init scripts reveals no distinguish whether they run as root, other privileged uid, or something.
Another quick look reveals this: schon:/etc# grep 'ENV_SUPATH' /etc/login.defs # Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
The problem specified in the previous posts is only present in the zipslack distribution.This is not true as well. If it was only present in zipslack noone would care. I personally wouldn't run a secure server on zipslack/umsdos.
It is true, as far as I have tested. 14 boxen with regular slackware vs. the one zipslack from the original poster. (I emailed him to verify) Granted there are problems with security on a default slackware install (including ttyp's in /etc/securetty for one) I don't think this is really one of them.. either that, or I'm doing something totally different than you are during install. -Karl
Current thread:
- ACC's 'Tigris' Access Terminal server security vunerability.., (continued)
- ACC's 'Tigris' Access Terminal server security vunerability.. Robert Thomas (Jan 02)
- Re: ACC's 'Tigris' Access Terminal server security vunerability.. Patrik Backstrom (Jan 03)
- Re: Comparison of THC-SCAN v2.0 with Sandstorm PhoneSweep 1.02 Oliver Xymoron (Jan 02)
- PATH variable in zip-slackware 2.0.35 Steven Alexander (Jan 02)
- Re: PATH variable in zip-slackware 2.0.35 Cacaio Torquato (Nov 20)
- Re: PATH variable in zip-slackware 2.0.35 Rattle (Jan 04)
- Re: PATH variable in zip-slackware 2.0.35 Patrick J. Volkerding (Jan 04)
- Re: PATH variable in zip-slackware 2.0.35 bandregg () REDHAT COM (Jan 05)
- Re: PATH variable in zip-slackware 2.0.35 Cacaio Torquato (Nov 20)
- Re: PATH variable in zip-slackware 2.0.35 Karl Stevens (Jan 04)
- Re: PATH variable in zip-slackware 2.0.35 kay (Jan 02)
- Re: PATH variable in zip-slackware 2.0.35 Karl Stevens (Jan 05)
- Re: PATH variable in zip-slackware 2.0.35 kay (Jan 06)
- ACC's 'Tigris' Access Terminal server security vunerability.. Robert Thomas (Jan 02)
- l0phtcrack 2.5 released The Forlorn (Jan 04)
- Re: SUN almost has a clue! (automountd) Casper Dik (Jan 05)
- Re: FreeBSD 2.2.5 Security problem Eivind Eklund (Jan 03)
- Re: FreeBSD 2.2.5 Security problem User NEAL (Jan 03)