Em Ter, 2004-01-13 às 00:33, David L Norris escreveu: > > But by commenting out the uid check, you're adding /sbin, /usr/sbin, and > > /usr/local/sbin, to the environment of all users on the system. My > > understanding is that this is a no-no when it comes to securing the > > system. > Placing /usr/sbin in the PATH may break applications which use the PAM > consolehelper. Which means programs that must run as root (e.g. > redhat-config-*) will not properly prompt for a password. Those > applications will instead fail to run at all or run unprivileged causing > confusion and frustration. This is not true - on every rehat system since 8.0 I've been doing this. No machine had reduced funtionality because of it. In fact, the opposite happened. Try for yourselves, then tell me. > If one feels they must place /usr/sbin in the PATH for normal users then > make sure it is the very last item (i.e. pathmunge /usr/sbin after). > For non-root users the PATH should be similar to this: > PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin You are right - but it's working anyway, even with the 'wrong' order, on my systems. But just setting the path is something I would not call a 'security issue' - any script kiddie knows where to find these programs even when the path is not available - in fact, most of their 'cake recipes' use full path :-) -- []s Alexandre Ganso 500 FOUR vermelha - Diretor Steel Goose Moto Group
