>So what is going on???
You are assuming that the current directory, ".", is in the search
path. However, for the root login, it probably is not --- because it
is considered a security risk to have "." in the search path. The
attack that is feared is this: Cracker manages to place a trojan
horse file into one of your directories and gives it a name like "ls"
or "cat" or some other common command. You issue that command while
root, and instead of the command you intended, the trojan horse is
executed, and since you are root the trojan horse executes as root
and either sets up a back door for the cracker to gain control of
your system, or just gets right down to business slurping up secrets
or trashing things.
Instead of "sndconfig", type "./sndconfig" from the /usr/sbin
directory, or type /usr/sbin/sndconfig from anywhere.
--Michal
At 9:51 AM -0700 9/24/00, Kent Loobey wrote:
>So I did a "locate sndconfig" and found that it was in the "/usr/sbin"
>directory.
>
>If I change my working directory to /usr/sbin and do a "ls -l sndconfig" I
>get:
>
>"-rwxr-xr-x 1 root root 116784 Mar 8 2000 sndconfig"
>
>I am logged in as root.
>
>If I type "sndconfig" I get: "bash: sndconfig: command not found".
>
>So what is going on???
>
