Subject: Re: Installing local packages and NetBSD guide
To: None <>
From: Magnus Eriksson <>
List: netbsd-users
Date: 09/28/2007 20:05:52
On Fri, 28 Sep 2007, John Nemeth wrote:

> }    Having a suid root program exploited to create the directory, or change
> } the permissions of it -- *that* security problem.

>     If an suid root program can be exploited in such a way, it can
> most likely cause all sorts of other problems.

   Maybe such a buggy program could, maybe not.  But are you then saying 
that this particular hole should therefore *not* be fixed?

   Seems kinda obvious to me that when you see a potential security 
problem, you fix it right away, no matter how unlikely it seems it might 
be exploited.  That just the way you do things.

> This is a pretty trivial concern.

> }    I don't know exactly in which "various default PATHs" /usr/local is
>    The ones in /etc/skel/*, which are the files used to populate a
> user's home directory when you do 'useradd -m ...'.  Also, the ones in
> /root/.*.

   So in the default PATH for all users?  Including root?  Wow.

   Trivial?  I hope I'm completely misunderstanding what you're saying.