Subject: Re: Installing local packages and NetBSD guide
To: None <netbsd-users@NetBSD.org>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: netbsd-users
Date: 09/28/2007 07:17:59

On Jan 14, 2:16am, Magnus Eriksson wrote:
} On Fri, 28 Sep 2007, John Nemeth wrote:
}
} > } > (/usr/local/* is still retained in various default PATHs, for convenience)
} > }
} > } Smells like potential security problems to me, if it still is the case.
} >
} > What security problem? If the administrator doesn't put anything
} > there, then nothing will be found. If the administrator does put
} > something there, then presumably they intend it to be used.
}
} Having a suid root program exploited to create the directory, or change
} the permissions of it -- *that* security problem.

If an suid root program can be exploited in such a way, it can
most likely cause all sorts of other problems. This is a pretty
trivial concern.

} I don't know exactly in which "various default PATHs" /usr/local is

The ones in /etc/skel/*, which are the files used to populate a
user's home directory when you do 'useradd -m ...'. Also, the ones in
/root/.*.

}-- End of excerpt from Magnus Eriksson
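
Added example, not part of the original message: a small audit an administrator could run over a PATH value such as the ones in /etc/skel/* or /root/.* to see which entries are relative, do not exist, or are group/world-writable. The function name `audit_path` and the output labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). audit_path is a hypothetical helper.
# It prints one line per PATH entry that deserves a look:
#   RELATIVE <entry>  entry is not an absolute path (empty means ".")
#   MISSING  <dir>    directory does not exist
#   WRITABLE <dir>    directory is writable by group or others
audit_path() (
    set -f      # no filename expansion while splitting the argument
    IFS=:       # PATH entries are colon-separated
    for d in $1; do
        case "$d" in
            /*) ;;
            *)  echo "RELATIVE ${d:-<empty>}"; continue ;;
        esac
        if [ ! -d "$d" ]; then
            echo "MISSING $d"
        elif [ -n "$(find -H "$d" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            # -H follows a symlinked entry; -prune keeps find from descending
            echo "WRITABLE $d"
        fi
    done
)

# Check the PATH of the current shell.
audit_path "$PATH"
```

To check the defaults discussed above, pass the PATH string copied from a file in /etc/skel or /root instead of `$PATH`.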