Red Hat Bugzilla – Bug 19064
anacron's default anacrontab puts /usr/local/bin at the front of $PATH
Last modified: 2007-03-26 23:36:35 EDT
anacron (anacron-2.3-9, included in RH7) ships with an /etc/anacrontab file
that reads, in part,
1 5 cron.daily run-parts /etc/cron.daily
I believe anacron is activated by default. If a site admin gives untrusted
users write access to /usr/local/bin or /usr/local/sbin, a malicious user could
put a "run-parts" program in one of those two directories, and if anacron has
to do something after the next reboot, that user's script/program will be
executed as root.
The PATH setting in the /etc/anacrontab should be adjusted, or removed.
The /etc/crontab that came with my RH7 system has a correct PATH setting:
which would solve this problem just fine.
Hope that helps,
If a local admin gives untrusted users write access to system binary directories,
it is they who are opening the hole, and they who need to consider the security
/usr/local/sbin and /usr/local/bin exist so that local installations can
override system-level commands without replacing the original binaries, so they
belong first in the search order.
This is not a bug.