Date: Wed, 24 Jul 1996 10:15:38 -0400
From: Branson Matheson <branson@widomaker.com>
To: Red Barchetta <paradox@pegasus.rutgers.edu>
Cc: freebsd-questions@freebsd.org
Message-ID: <199607241415.KAA29896@garion.hq.ferg.com>
In-Reply-To: Your message of "Wed, 24 Jul 1996 08:54:01 EDT." <199607241254.IAA08136@pegasus.rutgers.edu>

--------
Red Barchetta uttered with conviction:
>
> 1) is there any reason that just plain old joe user should avoid
> '.' in his path? (I don't see any, but just to make sure.)

Generally, and I will probably get blasted for this, I generally set up
new users' .cshrc with '.' as the last thing in the path:

/ump/hq/home/branson/bin/FreeBSD2.1.0-RELEASE /ump/hq/home/branson/bin/scripts
/usr/bin /bin /usr/local/bin /letc/bin /usr/games /sbin /usr/sbin
/usr/X11R6/bin /etc /usr/etc .

>
> 2) if '.' appears as the very last entry in root's path is this
> still considered a security risk? I'm not so lazy that I'm not
> willing to type './command' as root--- just really curious about
> this type of stuff!

Depends on if you mistype things... for instance if you type ( as I
tend to do ) ruans instead of runas or mdkir instead of mkdir and the
fiend is smart enough to have those misspellings as scripts in his local
directory. You may or may not notice... once the deed is done and he/she
erases the file that did it, you will never know for sure. Also think how
many times you cd into /tmp to look at a file.... and execute ls as soon
as you get in there ;-)

It is generally a good rule of thumb to NOT have '.' in root's path and
only system directories in root's path ( /bin /sbin /usr/bin /usr/sbin
/usr/local/bin ).

>
> I know these aren't actually FreeBSD specific questions, but I hope
> they will prove to be of interest to some other novice sys admins
> out there as well!

You might look at _Unix_System_Security_ by David Curry.. on pp. 35 and
36 there is a nice discourse on how and why to protect root. There are a
number of other things out there... but that is a start.

-branson

=============================================================================
Branson Matheson     | Ferguson Enterprises  | If Pete and Repeat were
System Administrator | W: (804) 874-7795     | sittin on a fence and Pete
Unix, Perl, WWW      | branson@widomaker.com | fell off, who is left?
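
The rule of thumb in the message above (no '.' and only system directories in root's path) can be checked mechanically. The following is an added example, not part of the original e-mail. It goes beyond the literal '.' case to empty entries, other relative entries and world-writable directories such as /tmp. The function name `audit_path` and the sample PATH at the end are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): audit a colon-separated PATH.
# audit_path PATHSTRING prints one line per risky entry and returns non-zero
# if it found any. Entry numbers are 1-based positions in the PATH string.
audit_path() {
    ap_rest="$1:"        # trailing ':' so a final empty entry is still seen
    ap_pos=0
    ap_found=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}      # text before the first ':'
        ap_rest=${ap_rest#*:}        # everything after it
        ap_pos=$((ap_pos + 1))
        case $ap_entry in
            '')
                # "::", a leading ':' or a trailing ':' all mean "current directory".
                echo "entry $ap_pos: empty entry, searched as the current directory" ;;
            .)
                echo "entry $ap_pos: '.' is the current directory" ;;
            /*)
                # Absolute: flag it only if it exists and "other" may write to it.
                [ -d "$ap_entry" ] || continue
                case $(ls -ldL "$ap_entry") in
                    d???????w*) echo "entry $ap_pos: '$ap_entry' is world-writable" ;;
                    *) continue ;;
                esac ;;
            *)
                # bin, ../bin, ./bin: resolved against wherever the user has cd'ed.
                echo "entry $ap_pos: '$ap_entry' is relative to the current directory" ;;
        esac
        ap_found=$((ap_found + 1))
    done
    [ "$ap_found" -eq 0 ]
}

# Constructed sample: the system directories from the message, with '.' last.
audit_path "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:." || true
```

Run it against the live value with `audit_path "$PATH"` from root's login shell; the exit status makes it usable in a periodic check.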