Subject: Re: Installing local packages and NetBSD guide
To: None <netbsd-users@NetBSD.org>
From: John Nemeth <firstname.lastname@example.org>
Date: 09/28/2007 07:17:59
On Jan 14, 2:16am, Magnus Eriksson wrote:
} On Fri, 28 Sep 2007, John Nemeth wrote:
} > } > (/usr/local/* is still retained in various default PATHs, for convenience)
} > }
} > } Smells like potential security problems to me, if it still is the case.
} > What security problem? If the administrator doesn't put anything
} > there, then nothing will be found. If the administrator does put
} > something there, then presumably they intend it to be used.
} Having a suid root program exploited to create the directory, or change
} the permissions of it -- *that* security problem.
If an suid root program can be exploited in such a way, it can
most likely cause all sorts of other problems. This is a pretty
} I don't know exactly in which "various default PATHs" /usr/local is
The ones in /etc/skel/*, which are the files used to populate a
user's home directory when you do 'useradd -m ...'. Also, the ones in
}-- End of excerpt from Magnus Eriksson