From owner-freebsd-current Wed Jan 22 08:27:59 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA11522 for current-outgoing; Wed, 22 Jan 1997 08:27:59 -0800 (PST) Received: from po1.glue.umd.edu (root@po1.glue.umd.edu [129.2.128.44]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA11514 for ; Wed, 22 Jan 1997 08:27:56 -0800 (PST) Received: from protocol.eng.umd.edu (protocol.eng.umd.edu [129.2.98.180]) by po1.glue.umd.edu (8.8.3/8.7.3) with ESMTP id LAA17816; Wed, 22 Jan 1997 11:27:52 -0500 (EST) Received: from localhost (chuckr@localhost) by protocol.eng.umd.edu (8.8.3/8.7.3) with SMTP id LAA27927; Wed, 22 Jan 1997 11:27:51 -0500 (EST) X-Authentication-Warning: protocol.eng.umd.edu: chuckr owned process doing -bs Date: Wed, 22 Jan 1997 11:27:49 -0500 (EST) From: Chuck Robey X-Sender: chuckr@protocol.eng.umd.edu To: Randy DuCharme cc: current@FreeBSD.ORG Subject: Re: 2 small strange problems In-Reply-To: <32E6358E.41C67EA6@nconned.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-current@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Wed, 22 Jan 1997, Randy DuCharme wrote: > Greetings, > > I've been staying current almost nightly, and 3 of my machines are > running current FLAWLESSLY!! One of them is an SMP machine. > > GREAT JOB GUYS!!! > > Two things are really bugging me in that I cannot seem to find the cause > of them on my own. They're both small problems and I'm not too sure > just exactly when it started as both have to do with logins. Hence this > message. Here goes: > > 1: Whenever I login as 'root' I get a warning message... > "Warning: Imported path contains relative components" ( or something > to that effect ) Can't answer the second question, but the first means you have "." in root's execution PATH. This is a real security problem, because a user could code a program like 'ls' to do something evil, and when you cd'ed into that user's directory and took a look at his files with ls, you'd be unwittingly executing his ls program (and not the system's ls you would be expecting to get) at root privilege level. If you need to execute something in a current directory, it's easy enough to type ./program, which would do it. > > 2: If I login as a nonexistent user ( ie: typing error entering login > name ) I get ... > > /kernel: pid (login), uid 0: exited on sig 11 > > Are these normal behavior for 'current', or do I have a problem > somewhere?? I don't seem to recall 2.1.5, or SNAP doing either of > these, yet I'll be darned if I can find the cause. > > Ideas ?? > > > Thanks > -- > Randall D DuCharme email: randyd@nconnect.net > Systems Engineer > Computer Specialists > 414-253-9998 253-9919 (fax) > ----------------------------+----------------------------------------------- Chuck Robey | Interests include any kind of voice or data chuckr@eng.umd.edu | communications topic, C programming, and Unix. 9120 Edmonston Ct #302 | Greenbelt, MD 20770 | I run Journey2 and picnic, both FreeBSD (301) 220-2114 | version 3.0 current -- and great FUN! ----------------------------+-----------------------------------------------