> 1) rc: the value of $path is (. /bin). It is a classic case not to
> have . as the first directory when searching for programs - it allows
> Trojan horses to form.
if you're the only one using your system, how could this be a problem?
but assuming you have multiple users on your system, how do you
propose that a target be tricked into cd'ing into a trojaned directory
and attempt to execute the magic command. what would this trojaned
command do? without setuid (or a superuser), the options are more
constrained.
perhaps there are systems where the mutual distrust between users is
that great.
> 2) auth server: why do we need one for passwords anyways if we run on
> a desktop computer? I don't know how to set one up, but I'd just like
> to set a password without an error spitting back at me when I type
> "passwd".
this command should get you started
man 8 authsrv
- erik