[expert] WTF?? $PATH question

2003-11-17 Thread Jack Coates
[EMAIL PROTECTED] jack]$ echo $PATH
/usr/local/bin/:/home/jack/bin/:/usr/X11R6/lib/xscreensaver/:/sbin/:/usr/sbin/:/usr/local/sbin/:/usr//bin:/bin:/usr/bin::/usr/local/bin:/usr/X11R6/bin:/usr/games:/usr/java/j2re1.4.0_01//bin

that looks okay... but . is effectively in my path!! I discovered this
by doing a tab completion line that matched a script in my ~. This is
with msec level 3

Maybe related to bash programmable completion? Anyone else seen this
behavior?
--
Jack at Monkeynoodle Dot Org: It's A Scientific Venture...

I left Angola, 1964, go walkin down my street, knock upon my baby's
door, my baby come out, she ask me who I am, I say baby, don't you know
your man...
-- Grown So Ugly from Safe As Milk by Captain Beefheart and His Magic
Band


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com


Re: [expert] WTF?? $PATH question

2003-11-17 Thread Eric Huff
On Mon, 17 Nov 2003 11:31:26 -0800
Jack Coates [EMAIL PROTECTED] wrote:

 [EMAIL PROTECTED] jack]$ echo $PATH
 /usr/local/bin/:/home/jack/bin/:/usr/X11R6/lib/xscreensaver/:/sbi
 n/:/usr/sbin/:/usr/local/sbin/:/usr//bin:/bin:/usr/bin::/usr/loca
 l/bin:/usr/X11R6/bin:/usr/games:/usr/java/j2re1.4.0_01//bin
 
 that looks okay... but . is effectively in my path!! I discovered
 this by doing a tab completion line that matched a script in my ~.
 This is with msec level 3
 
 Maybe related to bash programmable completion? Anyone else seen
 this behavior?

Why are there double /'s in the path?  Not that that has anything to
do with your problem...

-- 
Mandrake HowTo's  More:  http://twiki.mdklinuxfaq.org



Re: [expert] WTF?? $PATH question

2003-11-17 Thread Michael Holt
On Mon, 2003-11-17 at 11:31, Jack Coates wrote:
 [EMAIL PROTECTED] jack]$ echo $PATH
 /usr/local/bin/:/home/jack/bin/:/usr/X11R6/lib/xscreensaver/:/sbin/:/usr/sbin/:/usr/local/sbin/:/usr//bin:/bin:/usr/bin::/usr/local/bin:/usr/X11R6/bin:/usr/games:/usr/java/j2re1.4.0_01//bin
 
 that looks okay... but . is effectively in my path!! I discovered this
 by doing a tab completion line that matched a script in my ~. This is
 with msec level 3
 
 Maybe related to bash programmable completion? Anyone else seen this
 behavior?

I don't quite understand what the problem is.  Are you saying that '.'
shouldn't be in your path or that it should be?  
-- 
Michael Holt
Snohomish, WA   (o_
[EMAIL PROTECTED] (o_  (o_  //\
www.holt-tech.net (/)_ (/)_ V_/_ www.mandrakelinux.com 
==
-6. Ooops, I should really have change directory before doing that
chmod -R bin.bin .

--Top 100 things you don't want the sysadmin to say




Re: [expert] WTF?? $PATH question

2003-11-17 Thread Jack Coates
On Mon, 2003-11-17 at 11:59, Eric Huff wrote:
 On Mon, 17 Nov 2003 11:31:26 -0800
 Jack Coates [EMAIL PROTECTED] wrote:
 
  [EMAIL PROTECTED] jack]$ echo $PATH
  /usr/local/bin/:/home/jack/bin/:/usr/X11R6/lib/xscreensaver/:/sbi
  n/:/usr/sbin/:/usr/local/sbin/:/usr//bin:/bin:/usr/bin::/usr/loca
  l/bin:/usr/X11R6/bin:/usr/games:/usr/java/j2re1.4.0_01//bin
  
  that looks okay... but . is effectively in my path!! I discovered
  this by doing a tab completion line that matched a script in my ~.
  This is with msec level 3
  
  Maybe related to bash programmable completion? Anyone else seen
  this behavior?
 
 Why are there double /'s in the path?  Not that that has anything to
 do with your problem...

this .bash_profile is the same on five machines, and the others don't
have the doubled slashes or the . problem.

the problem box did not have bash-completion in the RPM list, so I just
added bash-completion-20030821-3mdk.noarch.rpm and checked that bash is
at 2.05b-14mdk on several boxes. The double-slashes are now gone, but it
still includes . in the path. 
--
Jack at Monkeynoodle Dot Org: It's A Scientific Venture...

Brainiac's daughter made me a suit of bricks and mortar and a matching
stove pipe hat, oh yes, Brainiac's daughter took me on a sleigh ride
underwater and I'm crazy for girls like that.
-- Brainiac's Daughter from Chips From The Chocolate Fireball by The
Dukes of Stratosphear




Re: [expert] WTF?? $PATH question

2003-11-17 Thread Pierre Fortin
On Mon, 17 Nov 2003 11:31:26 -0800 Jack Coates [EMAIL PROTECTED]
wrote:

 . is effectively in my path!!

I see the same on 9.2rc2  :^P

should be bugged as a security flaw IMO  



Re: [expert] WTF?? $PATH question

2003-11-17 Thread Bill Mullen
On Mon, 17 Nov 2003, Jack Coates wrote:

 [EMAIL PROTECTED] jack]$ echo $PATH
 /usr/local/bin/:/home/jack/bin/:/usr/X11R6/lib/xscreensaver/:/sbin/:/usr/sbin/:/usr/local/sbin/:/usr//bin:/bin:/usr/bin::/usr/local/bin:/usr/X11R6/bin:/usr/games:/usr/java/j2re1.4.0_01//bin
 
 that looks okay... but . is effectively in my path!! I discovered this
 by doing a tab completion line that matched a script in my ~. This is
 with msec level 3

This is because of the :: that appears about 2/3 of the way into the 
$PATH - this is the functional equivalent of :.: ... and that is a Bad 
Thing to have in there, as you know.

I'd suggest hunting through the various places in the scripts where the 
$PATH is amended, and finding where this is being set. There are a number 
of places it could be - /etc/profile, somewhere under /etc/profile.d, 
~/.bashrc, ~/.bash_profile, the rc file for your display manager ...

Or, you might want to just use the checkpath function that was posted in
the alt.os.linux.mandrake newsgroup by Chris F.A. Johnson to clean this
up. You can place a file like the following into your /etc/profile.d dir;
make it executable, and name it zz_local.sh (to ensure that it will run
last - they're executed in alphabetical order):



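#!/bin/bash

# Rebuild $PATH, dropping entries that are empty (a "::" means the current
# directory), that are not directories, or that are duplicates.
checkpath ()
{
    error=0
    newPATH=
    local IFS=:
    # Collapse "//" to "/" first; the unquoted expansion then splits on ":"
    for p in ${PATH//\/\//\/}
    do
        # "$p" is quoted so that the empty entry left by "::" fails the
        # -d test and is removed
        if [ ! -d "$p" ]; then
            echo "checkpath: $p is not a directory; removing it" >&2
        else
            case :$newPATH: in
                *:"$p":*) echo "checkpath: $p already in path" >&2
                    ;;
                *)
                    [ -d "$p" ] && newPATH=${newPATH:+$newPATH:}$p
                    ;;
            esac
        fi
    done
    PATH=$newPATH
    unset newPATH
}

checkpath
export PATH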



This will not only remove the offending ::, it will remove any duplicate
entries it finds (a couple of which you also have in yours), as well as
any entries pointing to dirs which do not exist.

HTH!

-- 
Bill Mullen   [EMAIL PROTECTED]   MA, USA   RLU #270075   MDK 8.1  9.0
An opinion is like a branding iron. It is one thing to hold it, and
another to press it into the skin of a friend. - James Lileks



Re: [expert] WTF?? $PATH question

2003-11-17 Thread Dick Gevers

On Mon, 17 Nov 2003 11:31:26 -0800, Jack Coates [EMAIL PROTECTED]
wrote about [expert] WTF?? $PATH question:

[EMAIL PROTECTED] jack]$ echo $PATH
/usr/local/bin/:/home/jack/bin/:/usr/X11R6/lib/xscreensaver/:/sbin/:/usr/s
bin/:/usr/local/sbin/:/usr//bin:/bin:/usr/bin::/usr/local/bin:/usr/X11R6/b
in:/usr/games:/usr/java/j2re1.4.0_01//bin

that looks okay... but . is effectively in my path!! I discovered this
by doing a tab completion line that matched a script in my ~. This is
with msec level 3

Maybe related to bash programmable completion? Anyone else seen this
behavior?

Don't think it's bash completion, 'cause I haven't installed bash
completion. Still I had similar path echoes since 9.2 last week. Yet to
find the answer. At this moment I don't, but I did clean up my path
additional statements in ~/.bashrc yesterday.

Perhaps we needed a path in 9.1 and added it to .bashrc and now it's already
'done for us' by installing 9.2?

Ciao,
=Dick Gevers=



Re: [expert] WTF?? $PATH question

2003-11-17 Thread Jack Coates
On Mon, 2003-11-17 at 12:18, Michael Holt wrote:
 On Mon, 2003-11-17 at 11:31, Jack Coates wrote:
  [EMAIL PROTECTED] jack]$ echo $PATH
  /usr/local/bin/:/home/jack/bin/:/usr/X11R6/lib/xscreensaver/:/sbin/:/usr/sbin/:/usr/local/sbin/:/usr//bin:/bin:/usr/bin::/usr/local/bin:/usr/X11R6/bin:/usr/games:/usr/java/j2re1.4.0_01//bin
  
  that looks okay... but . is effectively in my path!! I discovered this
  by doing a tab completion line that matched a script in my ~. This is
  with msec level 3
  
  Maybe related to bash programmable completion? Anyone else seen this
  behavior?
 
 I don't quite understand what the problem is.  Are you saying that '.'
 shouldn't be in your path or that it should be?  

should not. It's not that big a deal I suppose, but it's not The Right
Way(TM) for things to be.
--
Jack at Monkeynoodle Dot Org: It's A Scientific Venture...

And it's lend me ten pounds, I'll buy you a drink, and mother wake me
early in the morning!
-- Boys From County Hell from Red Roses For Me by The Pogues




Re: [expert] WTF?? $PATH question

2003-11-17 Thread Jack Coates
On Mon, 2003-11-17 at 12:32, Pierre Fortin wrote:
 On Mon, 17 Nov 2003 11:31:26 -0800 Jack Coates [EMAIL PROTECTED]
 wrote:
 
  . is effectively in my path!!
 
 I see the same on 9.2rc2  :^P
 
 should be bugged as a security flaw IMO  

Interesting... this was an rc2 system that I upgraded. Anyone else
seeing this behavior?
--
Jack at Monkeynoodle Dot Org: It's A Scientific Venture...

This is not the greatest song in the world, this is just a tribute.
-- Tribute by Tenacious D




Re: [expert] WTF?? $PATH question

2003-11-17 Thread Jack Coates
On Mon, 2003-11-17 at 12:49, Bill Mullen wrote:
...
 This is because of the :: that appears about 2/3 of the way into the 
 $PATH - this is the functional equivalent of :.: ... and that is a Bad 
 Thing to have in there, as you know.
 

ah-hah -- missed that.

 I'd suggest hunting through the various places in the scripts where the 
 $PATH is amended, and finding where this is being set. There are a number 
 of places it could be - /etc/profile, somewhere under /etc/profile.d, 
 ~/.bashrc, ~/.bash_profile, the rc file for your display manager ...
 
 Or, you might want to just use the checkpath function that was posted in
 the alt.os.linux.mandrake newsgroup by Chris F.A. Johnson to clean this
 up. You can place a file like the following into your /etc/profile.d dir;
 make it executable, and name it zz_local.sh (to ensure that it will run
 last - they're executed in alphabetical order):

this rocks -- thanks!
--
Jack at Monkeynoodle Dot Org: It's A Scientific Venture...

Come on you rambling boys of pleasure and ladies of easy leisure, we
must say Adios until we see Almaria once again.
-- Fiesta from If I Should Fall From Grace With God by The Pogues




Re: [expert] WTF?? $PATH question

2003-11-17 Thread Eric Huff
On Mon, 17 Nov 2003 12:18:28 -0800
Jack Coates [EMAIL PROTECTED] wrote:

 the problem box did not have bash-completion in the RPM list, so I
 just added bash-completion-20030821-3mdk.noarch.rpm and checked
 that bash is at 2.05b-14mdk on several boxes. The double-slashes
 are now gone, but it still includes . in the path. 


It doesn't happen here on 9.1.

~/a/_backup $ bash --version
GNU bash, version 2.05b.0(1)-release (i586-mandrake-linux-gnu)
Copyright (C) 2002 Free Software Foundation, Inc.

~/a/_backup $ rpm -q bash
bash-2.05b-12mdk

eric

-- 
Mandrake HowTo's  More:  http://twiki.mdklinuxfaq.org



Re: [expert] WTF?? $PATH question

2003-11-17 Thread Praedor Atrebates

This brings me to the maddening thing about linux over the last year or two.  
There used to be two files (as I recall) within which PATH was set:  
/etc/profile and ~/.bash_profile.  Now neither file contains much of anything 
related to setting path.  I have no idea where the bulk of PATH is set now.  
I have looked through /etc/profile, ~/.bash_profile, ~/.bashrc, /etc/bashrc, 
/etc/rc.local, /etc/rc.sysinit.  

I would also like to fix this (checked my 9.2 box and it does have the :: in 
my path).  Where is path really set?  It is NOT /etc/profile (look at it, 
there is hardly any path info in it at all) nor ~/.bash_profile.

praedor

On Monday 17 November 2003 03:18 pm, Jack Coates wrote:
 On Mon, 2003-11-17 at 11:59, Eric Huff wrote:
  On Mon, 17 Nov 2003 11:31:26 -0800
 
  Jack Coates [EMAIL PROTECTED] wrote:
   [EMAIL PROTECTED] jack]$ echo $PATH
   /usr/local/bin/:/home/jack/bin/:/usr/X11R6/lib/xscreensaver/:/sbi
   n/:/usr/sbin/:/usr/local/sbin/:/usr//bin:/bin:/usr/bin::/usr/loca
   l/bin:/usr/X11R6/bin:/usr/games:/usr/java/j2re1.4.0_01//bin
  
   that looks okay... but . is effectively in my path!! I discovered
   this by doing a tab completion line that matched a script in my ~.
   This is with msec level 3
[...]

 this .bash_profile is the same on five machines, and the others don't
 have the doubled slashes or the . problem.

 the problem box did not have bash-completion in the RPM list, so I just
 added bash-completion-20030821-3mdk.noarch.rpm and checked that bash is
 at 2.05b-14mdk on several boxes. The double-slashes are now gone, but it
 still includes . in the path.
[...]
- -- 
Events are in the saddle and ride mankind.
- --Ralph Waldo Emerson


Re: [expert] WTF?? $PATH question

2003-11-17 Thread Dick Gevers

On Mon, 17 Nov 2003 20:51:10 +, Dick Gevers [EMAIL PROTECTED] wrote
about Re: [expert] WTF?? $PATH question:

Don't think it's bash completion, 'cause I haven't installed bash
completion. Still I had similar path echoes since 9.2 last week. Yet to
find the answer. At this moment I don't, but I did clean up my path
additional statements in ~/.bashrc yesterday.

errata:
s/h/b:
  ~/bash_profile yesterday.






Re: [expert] WTF?? $PATH question...only in user path

2003-11-17 Thread Praedor Atrebates

It appears that the :: (effectively .) in $PATH is restricted to user.  
Root's path on 9.2 is OK in this regard.

praedorhh


Re: [expert] WTF?? $PATH question

2003-11-17 Thread Bill Mullen
On Mon, 17 Nov 2003, Bill Mullen wrote:

 This will not only remove the offending ::, it will remove any
 duplicate entries it finds (a couple of which you also have in yours),
 as well as any entries pointing to dirs which do not exist.

If you find seeing the output of the script to be disconcerting, just
change both instances of >&2 to >/dev/null. Sorry that I didn't catch
this bit earlier. :(

-- 
Bill Mullen   [EMAIL PROTECTED]   MA, USA   RLU #270075   MDK 8.1  9.0
In communities where men build ships for their own sons to fish or
fight from, quality is never a problem. -- J. A. Dever



Re: [expert] WTF?? $PATH question

2003-11-17 Thread Praedor Atrebates

I think I can safely say that this is not set in any file in /etc/*.  Since it 
isn't there (:: in path) for root, but only for user, I suspect it is 
somewhere in $HOME (?).  

praedor

On Monday 17 November 2003 04:09 pm, Eric Huff wrote:
 On Mon, 17 Nov 2003 12:18:28 -0800

 Jack Coates [EMAIL PROTECTED] wrote:
  the problem box did not have bash-completion in the RPM list, so I
  just added bash-completion-20030821-3mdk.noarch.rpm and checked
  that bash is at 2.05b-14mdk on several boxes. The double-slashes
  are now gone, but it still includes . in the path.

 It doesn't happen here on 9.1.

 ~/a/_backup $ bash --version
 GNU bash, version 2.05b.0(1)-release (i586-mandrake-linux-gnu)
 Copyright (C) 2002 Free Software Foundation, Inc.

 ~/a/_backup $ rpm -q bash
 bash-2.05b-12mdk

 eric

- -- 
Events are in the saddle and ride mankind.
- --Ralph Waldo Emerson


Re: [expert] WTF?? $PATH question

2003-11-17 Thread Praedor Atrebates

I should indicate that I scanned every file in /etc that contained any path 
statements via grep.  Nothing untoward appeared.

On Monday 17 November 2003 04:42 pm, Praedor Atrebates wrote:
 I think I can safely say that this is not set in any file in /etc/*.  Since
 it isn't there (:: in path) for root, but only for user, I suspect it is
 somewhere in $HOME (?).



- -- 
Events are in the saddle and ride mankind.
- --Ralph Waldo Emerson


Re: [expert] WTF?? $PATH question

2003-11-17 Thread Jack Coates
On Mon, 2003-11-17 at 13:42, Praedor Atrebates wrote:
 
 I think I can safely say that this is not set in any file in /etc/*.  Since it 
 isn't there (:: in path) for root, but only for user, I suspect it is 
 somewhere in $HOME (?).  
 
 praedor

I think it's the transitions from end of line to beginning of line. 

[EMAIL PROTECTED] jack]$ grep PATH .bash_profile 
PATH=$PATH:$JAVA_HOME/bin
PATH=/sbin/:/usr/sbin/:/usr/local/sbin/:$PATH
PATH=/usr/local/bin/:/home/jack/bin/:/usr/X11R6/lib/xscreensaver/:$PATH
export USERNAME BASH_ENV PATH PS1
...
--
Jack at Monkeynoodle Dot Org: It's A Scientific Venture...

I have acres of land, I have men I command, I have always a shilling to
spare, so be easy and free when you're drinking with me; I'm a man you
don't meet every day.
-- I'm a Man You Don't Meet Every Day from Rum, Sodomy, and the Lash by
The Pogues




Re: [expert] WTF?? $PATH question

2003-11-17 Thread Jack Coates
On Mon, 2003-11-17 at 13:16, Praedor Atrebates wrote:
 
 This brings me to the maddening thing about linux over the last year or two.  
 There used to be two files (as I recall) within which PATH was set:  
 /etc/profile and ~/.bash_profile.  Now neither file contains much of anything 
 related to setting path.  I have no idea where the bulk of PATH is set now.  
 I have looked through /etc/profile, ~/.bash_profile, ~/.bashrc, /etc/bashrc, 
 /etc/rc.local, /etc/rc.sysinit.  
 
 I would also like to fix this (checked my 9.2 box and it does have the :: in 
 my path).  Where is path really set?  It is NOT /etc/profile (look at it, 
 there is hardly any path info in it at all) nor ~/.bash_profile.
 
 praedor

...

read /etc/profile again, you'll see that it sources and runs all the
files in /etc/profile.d/.
--
Jack at Monkeynoodle Dot Org: It's A Scientific Venture...

Stark raving naked in the fornication nation!
-- Debbie Gibson Is Pregnant With My Two-Headed Love Child from Root Hog
or Die by Mojo Nixon & Skid Roper




Re: [expert] WTF?? $PATH question

2003-11-17 Thread Dick Gevers

On Mon, 17 Nov 2003 16:58:54 -0500, Praedor Atrebates [EMAIL PROTECTED]
wrote about Re: [expert] WTF?? $PATH question:

I should indicate that I scanned every file in /etc that contained any path

statements via grep.  Nothing untoward appeared.

On Monday 17 November 2003 04:42 pm, Praedor Atrebates wrote:
 I think I can safely say that this is not set in any file in /etc/*. 
Since it isn't there (:: in path) for root, but only for user, I suspect
it is somewhere in $HOME (?).

As Bill Mullen already indicated, it can be in your display manager rc file.

Locate kdmrc or whichever you load your $DISPLAY with. IIRC there
was a double colon and/or double slash in kdmrc in 9.1 too.

(BTW your GnuPG sig never comes thru as okay; maybe yahoo mangling?)

HTH
Ciao,
=Dick Gevers=




Re: [expert] WTF?? $PATH question

2003-11-17 Thread Michael Holt
On Mon, 2003-11-17 at 12:53, Jack Coates wrote:

  I don't quite understand what the problem is.  Are you saying that '.'
  shouldn't be in your path or that it should be?  
 
 should not. It's not that big a deal I suppose, but it's not The Right
 Way(TM) for things to be.

:)  You seemed pretty emphatic about its presence in earlier posts;
What effect does it have?  It means you can execute hidden files?  If
that's the case, couldn't you do that anyway - if you knew what the
filename was?  I suppose just for policy, you would want as few things
in a user's path as possible - is that just what it's about?
-- 
Michael Holt
Snohomish, WA   (o_
[EMAIL PROTECTED] (o_  (o_  //\
www.holt-tech.net (/)_ (/)_ V_/_ www.mandrakelinux.com 
==
0. Just add yourself to the password file and make a directory...

--Top 100 things you don't want the sysadmin to say




Re: [expert] WTF?? $PATH question

2003-11-17 Thread Bill Mullen
On Mon, 17 Nov 2003, Michael Holt wrote:

 What effect does it have?  It means you can execute hidden files?  If
 that's the case, couldn't you do that anyway - if you knew what the
 filename was?  I suppose just for policy, you would want as few things
 in a user's path as possible - is that just what it's about?

What having :.: (or its equivalent, ::) in your $PATH does is allow 
the current working directory to be included in any search for executable 
files. This is (wisely, IMHO) considered to be a security risk, as it can 
lead to the execution of a file other than the one you had intended, if 
that file has the same name and the :.: appears earlier in the PATH than 
the directory in which the intended file resides.

Obviously, it is *far* more important that such an entry not be part of 
root's PATH than a user's, but it's a risk in the latter case as well.

-- 
Bill Mullen   [EMAIL PROTECTED]   MA, USA   RLU #270075   MDK 8.1  9.0
In communities where men build ships for their own sons to fish or
fight from, quality is never a problem. -- J. A. Dever



Re: [expert] WTF?? $PATH question

2003-11-17 Thread Praedor Atrebates

That was it.  Thank you.  /usr/share/config/kdm/kdmrc contains:

SystemPath=/usr//bin:/sbin:/usr/sbin:/bin:/usr/bin::/usr/local/bin
UserPath=/usr//bin:/bin:/usr/bin::/usr/local/bin

Both the system path and user path have the ::.  I guess if I logged in as 
root, started up kde, then it would be in root's path.

praedor

On Monday 17 November 2003 05:13 pm, Dick Gevers wrote:
 On Mon, 17 Nov 2003 16:58:54 -0500, Praedor Atrebates [EMAIL PROTECTED]

 wrote about Re: [expert] WTF?? $PATH question:
 I should indicate that I scanned every file in /etc that contained any
  path
 
 statements via grep.  Nothing untoward appeared.
 
 On Monday 17 November 2003 04:42 pm, Praedor Atrebates wrote:
  I think I can safely say that this is not set in any file in /etc/*.
 
 Since it isn't there (:: in path) for root, but only for user, I
  suspect it is somewhere in $HOME (?).

 As Bill Mullen already indicated, it can be in your display manager rc
 file.

 Locate kdmrc or whichever you load your $DISPLAY with. IIRC there
 was a double colon and/or double slash in kdmrc in 9.1 too.
[...]


Re: [expert] WTF?? $PATH question

2003-11-17 Thread Richard Urwin
On Monday 17 Nov 2003 7:31 pm, Jack Coates wrote:
 [EMAIL PROTECTED] jack]$ echo $PATH
 /usr/local/bin/:/home/jack/bin/:/usr/X11R6/lib/xscreensaver/:/sbin/:/usr/sb
in/:/usr/local/sbin/:/usr//bin:/bin:/usr/bin::/usr/local/bin:/usr/X11R6/bin:
/usr/games:/usr/java/j2re1.4.0_01//bin

 that looks okay... but . is effectively in my path!! I discovered this
 by doing a tab completion line that matched a script in my ~. This is
 with msec level 3

Standard Unix behavior has always been to give users . in their path but not 
root. man login reads: PATH  defaults  to  /usr/local/bin:/bin:/usr/bin:.
for normal users, and to /sbin:/bin:/usr/sbin:/usr/bin for root.

However this is not the case. A login session (ie a virtual terminal) on my 
MDK9.1 machine does not give me . on the path. An X (KDE) login does.

Note that man login specifies:
/usr/local/bin:/bin:/usr/bin:.
and the string in Jack's and my $PATH says:
   /usr//bin:/bin:/usr/bin::
which has two syntax errors and specifies /usr/bin twice.

Also note that all Mandrake sourced RPMs avoid using /usr/local.
I'd say that Mandrake hacked it, and got it wrong.

The man login string appears exactly in a virtual terminal session, except for 
the missing . which could be a hack that Mandrake got right.

-- 
Richard Urwin
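
Added example, not part of the thread and not Mandrake or KDE code: a shell audit that reports every entry in a PATH-style string that makes the shell search the current directory, run over the two kdmrc lines quoted earlier in the thread. It goes beyond the :: case discussed here to cover a leading or trailing colon, a literal ".", and relative entries; the function names audit_path, audit_kdmrc and sample_kdmrc are made up for this example.

```shell
#!/bin/bash
# Added example, not code from the thread. Function names are hypothetical.

# audit_path STRING [LABEL]
# Walk a colon-separated search path and print one line for every entry that
# resolves against the current working directory. Returns 0 when the string
# is clean and 1 when at least one such entry was found.
audit_path() {
    local rest="$1" label="${2:-PATH}" entry pos=0 bad=0
    while :; do
        pos=$((pos + 1))
        entry=${rest%%:*}            # text before the first colon, or all of it
        case $entry in
            '') echo "$label entry $pos: empty (searches current directory)"
                bad=1 ;;
            .)  echo "$label entry $pos: '.' (searches current directory)"
                bad=1 ;;
            /*) ;;                   # absolute entry: nothing to report
            *)  echo "$label entry $pos: relative '$entry' (resolved against current directory)"
                bad=1 ;;
        esac
        case $rest in
            *:*) rest=${rest#*:} ;;  # drop the entry just checked and its colon
            *)   break ;;            # no colon left: that was the last entry
        esac
    done
    return "$bad"
}

# audit_kdmrc
# Read kdmrc-style text on stdin and audit the values of SystemPath= and
# UserPath= (the two keys quoted in the thread). Returns 1 if either value
# contains an entry that audit_path reports.
audit_kdmrc() {
    local line status=0
    while IFS= read -r line; do
        case $line in
            SystemPath=*|UserPath=*)
                audit_path "${line#*=}" "${line%%=*}" || status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample input: only the two kdmrc lines quoted in the thread.
sample_kdmrc() {
    cat <<'EOF'
SystemPath=/usr//bin:/sbin:/usr/sbin:/bin:/usr/bin::/usr/local/bin
UserPath=/usr//bin:/bin:/usr/bin::/usr/local/bin
EOF
}

# Demo: the quoted kdmrc values are flagged, a path without "::" is not.
sample_kdmrc | audit_kdmrc || echo "sample kdmrc puts the current directory on the search path"
audit_path "/usr/local/bin:/bin:/usr/bin" && echo "path without empty entries is clean"
```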



Re: [expert] WTF?? $PATH question

2003-11-17 Thread Richard Urwin
On Monday 17 Nov 2003 11:14 pm, Praedor Atrebates wrote:

 That was it.  Thank you.  /usr/share/config/kdm/kdmrc contains:

 SystemPath=/usr//bin:/sbin:/usr/sbin:/bin:/usr/bin::/usr/local/bin
 UserPath=/usr//bin:/bin:/usr/bin::/usr/local/bin

 Both the system path and user path have the ::.  I guess if I logged in as
 root, started up kde, then it would be in root's path.

Interestingly enough, according to the (9.1) documentation, su does not change
PATH unless it also changes directory to the new user's HOME. Yet we all know
it does.

-- 
Richard Urwin



Re: [expert] WTF?? $PATH question

2003-11-17 Thread Jack Coates
On Mon, 2003-11-17 at 14:21, Michael Holt wrote:
 On Mon, 2003-11-17 at 12:53, Jack Coates wrote:
 
   I don't quite understand what the problem is.  Are you saying that '.'
   shouldn't be in your path or that it should be?  
  
  should not. It's not that big a deal I suppose, but it's not The Right
  Way(TM) for things to be.
 
 :)  You seemed pretty emphatic about its presence in earlier posts;
 What effect does it have?  It means you can execute hidden files?  If
 that's the case, couldn't you do that anyway - if you knew what the
 filename was?  I suppose just for policy, you would want as few things
 in a user's path as possible - is that just what it's about?

the real issue for me is expected versus non-expected behavior. There is
a security risk, which is fairly arcane unless a large class of boxes
are going to exhibit this behavior (no matter how arcane and difficult
the hole, if hundreds of boxes will respond in the same way then an
exploit script will be written).

--
Jack at Monkeynoodle Dot Org: It's A Scientific Venture...

And the head said that you always were a queer one from the start, for
careers you say you want to be remembered for your art, your obsession
gets you known throughout the school for being strange, making 
life-sized models of The Velvet Underground in clay.
-- Expectations from Tigermilk by Belle and Sebastian




Re: [expert] WTF?? $PATH question

2003-11-17 Thread Jack Coates
On Mon, 2003-11-17 at 15:35, Richard Urwin wrote:
 On Monday 17 Nov 2003 11:14 pm, Praedor Atrebates wrote:
 
  That was it.  Thank you.  /usr/share/config/kdm/kdmrc contains:
 
  SystemPath=/usr//bin:/sbin:/usr/sbin:/bin:/usr/bin::/usr/local/bin
  UserPath=/usr//bin:/bin:/usr/bin::/usr/local/bin
 
  Both the system path and user path have the ::.  I guess if I logged in as
  root, started up kde, then it would be in root's path.
 
 Interestingly enough, according to the (9.1) documentation, su does not change 
 PATH unless it also changes directory to the new user's HOME. Yet we all know
 it does.

only if you use the - option, right?
--
Jack at Monkeynoodle Dot Org: It's A Scientific Venture...

start stop and start, stupid acting smart, flirting with the flicks,
say it's just for kicks, you'll be the victim of your own dirty tricks
you've got yourself to tease and displease.
-- pictures of me from either/or by Elliott Smith




Re: [expert] WTF?? $PATH question

2003-11-17 Thread Michael Holt
On Mon, 2003-11-17 at 15:01, Bill Mullen wrote:
 On Mon, 17 Nov 2003, Michael Holt wrote:
 
  What effect does it have?  It means you can execute hidden files?  If
  that's the case, couldn't you do that anyway - if you knew what the
  filename was?  I suppose just for policy, you would want as few things
  in a user's path as possible - is that just what it's about?
 
 What having :.: (or its equivalent, ::) in your $PATH does is allow 
 the current working directory to be included in any search for executable 
 files. This is (wisely, IMHO) considered to be a security risk, as it can 
 lead to the execution of a file other than the one you had intended, if 
 that file has the same name and the :.: appears earlier in the PATH than 
 the directory in which the intended file resides.
 
 Obviously, it is *far* more important that such an entry not be part of 
 root's PATH than a user's, but it's a risk in the latter case as well.

Ahh, that makes sense.  So it's mostly good housekeeping.  Thanks.
-- 
Michael Holt
Snohomish, WA   (o_
[EMAIL PROTECTED] (o_  (o_  //\
www.holt-tech.net (/)_ (/)_ V_/_ www.mandrakelinux.com 
==
14. dd if=/dev/null of=/vmunix

--Top 100 things you don't want the sysadmin to say




Re: [expert] WTF?? $PATH question

2003-11-17 Thread Michael Holt
On Mon, 2003-11-17 at 15:54, Jack Coates wrote:
 On Mon, 2003-11-17 at 14:21, Michael Holt wrote:
  On Mon, 2003-11-17 at 12:53, Jack Coates wrote:
  
I don't quite understand what the problem is.  Are you saying that '.'
shouldn't be in your path or that it should be?  
   
   should not. It's not that big a deal I suppose, but it's not The Right
   Way(TM) for things to be.
  
  :)  You seemed pretty emphatic about its presence in earlier posts;
  What effect does it have?  It means you can execute hidden files?  If
  that's the case, couldn't you do that anyway - if you knew what the
  filename was?  I suppose just for policy, you would want as few things
  in a user's path as possible - is that just what it's about?
 
 the real issue for me is expected versus non-expected behavior. There is
 a security risk, which is fairly arcane unless a large class of boxes
 are going to exhibit this behavior (no matter how arcane and difficult
 the hole, if hundreds of boxes will respond in the same way then an
 exploit script will be written).

Hey, makes sense.

-- 
Michael Holt
Snohomish, WA   (o_
[EMAIL PROTECTED] (o_  (o_  //\
www.holt-tech.net (/)_ (/)_ V_/_ www.mandrakelinux.com 
==
32. Ummm... Didn't you say you turned it off?

--Top 100 things you don't want the sysadmin to say

