Re: adduser - useradd?


Subject: Re: adduser - useradd?
From: Timothy A. Seufert (tas@mindspring.com)
Date: Tue Jan 22 2002 - 00:47:39 MST


At 1:53 AM -0500 1/22/02, david wright wrote:

>- is it ok to put /sbin in $PATH, security risk?

The only security issue with $PATH is making sure that you never set
it to include directories not controlled by you and/or the system
administrator. Otherwise, you could execute an attacker's program
rather than the one you wanted to. This especially includes adding
"." to the path so you can execute programs or scripts in the current
working directory -- that is bad practice. Get into the habit of
typing "./executablename" instead.

With respect to /sbin specifically -- it's safe to include it because
only root can write executables into /sbin, and only trusted binaries
are installed there.

-- 
Tim Seufert



This archive was generated by hypermail 2a24 : Tue Jan 22 2002 - 01:03:47 MST