On Fri, 28 Sep 2007, John Nemeth wrote:

>     Sure, but I think this is just being paranoid.  Only root can
> setup those directories.  If anything else manages to do so, then
> you're already screwed.


On Sat, 29 Sep 2007, Steven M. Bellovin wrote:

> I do not agree that it's a hole.  I think it's correct to
> include /usr/local in default paths -- /usr/local/bin for


   I should probably explain the scenario I'm seeing here.  My concern is 
that a bug in a suid program will allow the directory /usr/local/bin to be 
created, with permissions such that a malicious user can put his own 
binaries there.  Then the next time root types "sl" instead of "ls" you're 
screwed.

   I'd say that the obvious solution is to not have /usr/local in the PATH 
at all, or to set things up right in the first place, with appropriate 
permissions.  (I think most people were already in agreement about 
reinstating /usr/local ...)


   And I don't see how it follows that you're automatically screwed just 
because a buggy suid root binary can be exploited to create a directory. 
As long as you don't have an obvious target for creation, like there is 
now.



>>    So in the default PATH for all users?  Including root?  Wow.

> If you do 'useradd -m root', yes.  Given that root already exists --
> with a .profile, etc., that doesn't come from there -- I'd call that a
> non-issue.

tl;dr:

>>> Also, the ones in /root/.*.


MAgnus