Subject: Re: Installing local packages and NetBSD guide
To: None <netbsd-users@NetBSD.org>
From: Magnus Eriksson <email@example.com>
Date: 09/28/2007 20:05:52
On Fri, 28 Sep 2007, John Nemeth wrote:
> } Having a suid root program exploited to create the directory, or change
> } the permissions of it -- *that* security problem.
> If an suid root program can be exploited in such a way, it can
> most likely cause all sorts of other problems.
Maybe such a buggy program could, maybe not. But are you then saying
that this particular hole should therefore *not* be fixed?
Seems kinda obvious to me that when you see a potential security
problem, you fix it right away, no matter how unlikely it seems it might
be exploited. That just the way you do things.
> This is a pretty trivial concern.
> } I don't know exactly in which "various default PATHs" /usr/local is
> The ones in /etc/skel/*, which are the files used to populate a
> user's home directory when you do 'useradd -m ...'. Also, the ones in
So in the default PATH for all users? Including root? Wow.
Trivial? I hope I'm completely misunderstanding what you're saying.