Some Googling turned up the following:

http://www.tldp.org/HOWTO/Path-12.html
  Any of the important daemon processes should never execute anything that some other user can write into. In some systems, /usr/local/bin is allowed to contain programs with less strict security screening - it is just removed from the path of the root user.

http://www.tldp.org/HOWTO/Security-HOWTO/local-security.html
  The command path for the root user is very important. The command path (that is, the PATH environment variable) specifies the directories in which the shell searches for programs. Try to limit the command path for the root user as much as possible, and never include . (which means "the current directory") in your PATH. Additionally, never have writable directories in your search path ...

http://www.tldp.org/HOWTO/Tips-HOWTO-3.html
  Root's path should consist of 'PATH= /bin' That's it. Nothing else on root's path.

http://osmirrors.cerias.purdue.edu/pub/OpenBSD/src/etc/security
  { print "Root path directory " $10 " is group writable." }

http://security.sdsc.edu/advisories/outback_sec_guidelines
  Most current day operating systems have this but, audit root's path, make sure dirs are owned and only writable by root. minimize as much as possible, e.g. /sbin:/usr/sbin:/bin:/usr/bin

http://www.start-linux.com/articles/article_165.php
  One important thing to keep in mind are the different $PATH settings for users and root:
  * user: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/user/bin:
  * root: /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin

http://www.unet.univie.ac.at/aix/aixbman/admnconc/system_security.htm
  The PATH value in the /etc/profile file is used by the root user. Only specify directories that are secure, that is, that only root can write to.

http://docsun.cites.uiuc.edu/sun_docs/C/solaris_9/SUNWaadm/SYSADV4/p98.html
  The paths that lead to the home directory must be owned and writable by root only. For example, if a .forward file is in /export/home/terry, /export and /export/home must be owned and writable by root only.

Cheers,

Paul Szabo   [EMAIL PROTECTED]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney   Australia
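As an added example (not from the post above or from any of the documents it quotes), here is a POSIX sh function that performs the audit those sources describe: it walks a PATH string and reports empty or relative entries, missing directories, directories not owned by the expected uid, and group- or world-writable directories. The function name `audit_path` and its argument convention are my own choices, not from any of the quoted sources.

```shell
#!/bin/sh
# Audit each entry of a PATH-like string against the quoted guidance:
# no empty or relative entries, every directory must exist, be owned by
# the expected uid (default 0, i.e. root) and be writable by nobody else.
# Prints one finding per line and returns 1 if anything was found.
# Usage: audit_path "PATH-string" [expected-uid]
audit_path() {
    rest="$1:"          # trailing ':' so the last entry is processed too
    want_uid=${2:-0}
    rc=0
    while [ -n "$rest" ]; do
        d=${rest%%:*}   # entry before the first ':'
        rest=${rest#*:} # drop it from the remainder
        # An empty entry (leading, trailing or doubled ':') means "current
        # directory", the same hazard as an explicit '.'.
        if [ -z "$d" ]; then
            echo "empty entry (current directory)"; rc=1; continue
        fi
        case "$d" in
            /*) ;;
            *) echo "relative entry: $d"; rc=1; continue ;;
        esac
        if [ ! -d "$d" ]; then
            echo "missing directory: $d"; rc=1; continue
        fi
        # ls -ldn prints e.g. "drwxrwxr-x 2 1000 1000 4096 Jan 1 00:00 /dir":
        # the first field is the mode string, the third the owner's uid.
        info=$(ls -ldn "$d")
        mode=${info%% *}
        uid=$(printf '%s\n' "$info" | awk '{print $3}')
        if [ "$uid" != "$want_uid" ]; then
            echo "not owned by uid $want_uid: $d (uid $uid)"; rc=1
        fi
        case "$mode" in ?????w*) echo "group writable: $d"; rc=1 ;; esac
        case "$mode" in ????????w*) echo "world writable: $d"; rc=1 ;; esac
    done
    return $rc
}

# As root, check the live search path with:  audit_path "$PATH"
```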