Return to BSD News archive
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.sprintlink.net!news.zeitgeist.net!news.pixi.com!sirius.pixi.com!khayman From: Khayman <khayman@pixi.com> Newsgroups: comp.unix.bsd.misc Subject: Re: MacBSD ? Date: Sun, 30 Jul 1995 19:59:19 -1000 Organization: Pacific Information eXchange, Inc. Lines: 47 Message-ID: <Pine.S40.3.91.950730195820.4701A-100000@sirius.pixi.com> References: <9507310346.AA21353@edmund> NNTP-Posting-Host: sirius.pixi.com Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII In-Reply-To: <9507310346.AA21353@edmund> Thank you for the speedy response. I really appreciate the newbie help. I hope I can return the favor. Aloha from Hawaii..... khayman On Sun, 30 Jul 1995, Andrew Gillham wrote: > In article <3vhdsc$a1q@rigel.pixi.com> you write: > > > >Where can I find the FAQ for MacBSD? I have everything installed and > >everything seems to have been installed ok and I can move around an do things > >in the mini-shell but when I try to bootup I get login: but it says: > > > >Warning: Logging in as ROOT with . in PATH. > > > >What does this mean? Any help would be greatly appreciated. > > This means that /bin/sh has taken it upon itself to be the security > watchdog. :-) It is a bogus error, and doesn't belong in /bin/sh IMHO. > What it means is that you need to edit /root/.profile, and /root/.cshrc > (and /.profile and /.cshrc) and remove the "." from the path statements. > The reason this is a problem is that a wiley hacker, (well a lamer > student) can create programs in their home directory with names like > 'pdw', 'ls-l', 'wdp', 'sl', etc.. and if the administrator happens to be > in their home directory and mistypes a command, voila! the lamer's > program gets run as *root*, and can simply create a setuserid copy of > /bin/sh in the lamer's home directory, and they can easily become root. > (and the lamer's program can print the 'sl: Command not found' error > message) The reason this works is that the '.' in the path causes the > shell to look in '.' after it can't find the command in the rest of the > path, so in the case of 'sl' which isn't found in the *normal* path it > looks for it in '.' and.... > > Anyway, checkout 'http://www.netbsd.org' for more NetBSD info. Also, > stop logging in as root, create yourself an account. You should only > need root for adminstrative type purposes and you don't want to > accidently type the wrong thing... :-) > > -Andrew > > -- > ========================================================== > Andrew Gillham gillham@andrews.edu > LAN/WAN/Netware/Unix Analyst > Resume -> http://www.cs.andrews.edu/~gillham/resume.html >