This file is indexed.

/usr/lib/tiger/html/paths.html is in tiger 1:3.2.3-8.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
<HR><PRE>








</PRE><HR>
<CENTER><H2> Documents for paths</H2></CENTER>
<A NAME="path001w"><P><B>Code [path001w]</B><P>
The indicated file is in root's PATH, and is group writable, world
writable or both. This can allow Trojan horse programs or viruses to be
planted into these executables and spread by `root'. The group
and world write permissions should be removed.
<PRE>










</PRE><HR>
<A NAME="path002w"><P><B>Code [path002w]</B><P>
The indicated file is in root's PATH, but is not owned by root. This
can allow Trojan horse programs or viruses to be planted into these
executables and spread by `root'. Often these executables are owned by
`bin', `uucp' or other system accounts. If these commands are never
used by root, then this is not a problem. If they are, you should
consider changing the owner to `root'. Because of SMI's recent decision
to install most /usr/sbin/accessdb /usr/sbin/add-shell /usr/sbin/addgroup /usr/sbin/adduser /usr/sbin/arpd /usr/sbin/chgpasswd /usr/sbin/chpasswd /usr/sbin/chroot /usr/sbin/cpgr /usr/sbin/cppw /usr/sbin/cytune /usr/sbin/delgroup /usr/sbin/deluser /usr/sbin/dpkg-divert /usr/sbin/dpkg-preconfigure /usr/sbin/dpkg-reconfigure /usr/sbin/dpkg-statoverride /usr/sbin/e2freefrag /usr/sbin/fdformat /usr/sbin/filefrag /usr/sbin/groupadd /usr/sbin/groupdel /usr/sbin/groupmod /usr/sbin/grpck /usr/sbin/grpconv /usr/sbin/grpunconv /usr/sbin/iconvconfig /usr/sbin/install-info /usr/sbin/invoke-rc.d /usr/sbin/ldattach /usr/sbin/locale-gen /usr/sbin/mkinitramfs /usr/sbin/mklost+found /usr/sbin/newusers /usr/sbin/nologin /usr/sbin/pam-auth-update /usr/sbin/pam_getenv /usr/sbin/policy-rc.d /usr/sbin/pwck /usr/sbin/pwconv /usr/sbin/pwunconv /usr/sbin/readprofile /usr/sbin/remove-shell /usr/sbin/rmt /usr/sbin/rmt-tar /usr/sbin/rtcwake /usr/sbin/service /usr/sbin/tunelp /usr/sbin/tzconfig /usr/sbin/update-alternatives /usr/sbin/update-bootsystem-insserv /usr/sbin/update-ca-certificates /usr/sbin/update-initramfs /usr/sbin/update-locale /usr/sbin/update-passwd /usr/sbin/update-rc.d /usr/sbin/update-rc.d-insserv /usr/sbin/useradd /usr/sbin/userdel /usr/sbin/usermod /usr/sbin/validlocale /usr/sbin/vigr /usr/sbin/vipw /usr/sbin/zg-policy-rc.d /usr/sbin/zic and /usr/bin/[ /usr/bin/a2p /usr/bin/addpart /usr/bin/addr2line /usr/bin/advdef /usr/bin/advmng /usr/bin/advpng /usr/bin/advzip /usr/bin/apropos /usr/bin/apt-cache /usr/bin/apt-cdrom /usr/bin/apt-config /usr/bin/apt-get /usr/bin/apt-key /usr/bin/apt-mark /usr/bin/ar /usr/bin/arch /usr/bin/as /usr/bin/autoconf /usr/bin/autoheader /usr/bin/autom4te /usr/bin/autoreconf /usr/bin/autoscan /usr/bin/autoupdate /usr/bin/awk /usr/bin/base64 /usr/bin/basename /usr/bin/bashbug /usr/bin/bsd-from /usr/bin/bsd-write /usr/bin/c++ /usr/bin/c++filt /usr/bin/c2ph /usr/bin/c89 /usr/bin/c89-gcc /usr/bin/c99 /usr/bin/c99-gcc /usr/bin/c_rehash /usr/bin/cal /usr/bin/calendar /usr/bin/captoinfo /usr/bin/catchsegv /usr/bin/catman /usr/bin/cc /usr/bin/chage /usr/bin/chattr /usr/bin/chcon /usr/bin/chfn /usr/bin/chkdupexe /usr/bin/chrt /usr/bin/chsh /usr/bin/cksum /usr/bin/clear /usr/bin/clear_console /usr/bin/cmp /usr/bin/col /usr/bin/colcrt /usr/bin/colrm /usr/bin/column /usr/bin/comm /usr/bin/config_data /usr/bin/corelist /usr/bin/cpan /usr/bin/cpan2dist /usr/bin/cpanp /usr/bin/cpanp-run-perl /usr/bin/cpp /usr/bin/cpp-4.6 /usr/bin/csplit /usr/bin/csslint-0.6 /usr/bin/ctstat /usr/bin/cut /usr/bin/ddate /usr/bin/debconf /usr/bin/debconf-apt-progress /usr/bin/debconf-communicate /usr/bin/debconf-copydb /usr/bin/debconf-escape /usr/bin/debconf-gettextize /usr/bin/debconf-set-selections /usr/bin/debconf-show /usr/bin/debconf-updatepo /usr/bin/delpart /usr/bin/dh /usr/bin/dh_apparmor /usr/bin/dh_auto_build /usr/bin/dh_auto_clean /usr/bin/dh_auto_configure /usr/bin/dh_auto_install /usr/bin/dh_auto_test /usr/bin/dh_bugfiles /usr/bin/dh_builddeb /usr/bin/dh_clean /usr/bin/dh_compress /usr/bin/dh_desktop /usr/bin/dh_fixperms /usr/bin/dh_gconf /usr/bin/dh_gencontrol /usr/bin/dh_icons /usr/bin/dh_install /usr/bin/dh_installcatalogs /usr/bin/dh_installchangelogs /usr/bin/dh_installcron /usr/bin/dh_installdeb /usr/bin/dh_installdebconf /usr/bin/dh_installdirs /usr/bin/dh_installdocs /usr/bin/dh_installemacsen /usr/bin/dh_installexamples /usr/bin/dh_installgsettings /usr/bin/dh_installifupdown /usr/bin/dh_installinfo /usr/bin/dh_installinit /usr/bin/dh_installlogcheck /usr/bin/dh_installlogrotate /usr/bin/dh_installman /usr/bin/dh_installmanpages /usr/bin/dh_installmenu /usr/bin/dh_installmime /usr/bin/dh_installmodules /usr/bin/dh_installpam /usr/bin/dh_installppp /usr/bin/dh_installudev /usr/bin/dh_installwm /usr/bin/dh_installxfonts /usr/bin/dh_link /usr/bin/dh_lintian /usr/bin/dh_listpackages /usr/bin/dh_makeshlibs /usr/bin/dh_md5sums /usr/bin/dh_movefiles /usr/bin/dh_perl /usr/bin/dh_prep /usr/bin/dh_python /usr/bin/dh_scrollkeeper /usr/bin/dh_shlibdeps /usr/bin/dh_strip /usr/bin/dh_strip.pkg-create-dbgsym /usr/bin/dh_suidregister /usr/bin/dh_testdir /usr/bin/dh_testroot /usr/bin/dh_ucf /usr/bin/dh_undocumented /usr/bin/dh_usrlocal /usr/bin/diff /usr/bin/diff3 /usr/bin/dircolors /usr/bin/dirname /usr/bin/dotlockfile /usr/bin/dpkg /usr/bin/dpkg-architecture /usr/bin/dpkg-buildflags /usr/bin/dpkg-buildpackage /usr/bin/dpkg-checkbuilddeps /usr/bin/dpkg-deb /usr/bin/dpkg-deb.pkgbinarymangler /usr/bin/dpkg-distaddfile /usr/bin/dpkg-divert /usr/bin/dpkg-genchanges /usr/bin/dpkg-gencontrol /usr/bin/dpkg-gensymbols /usr/bin/dpkg-maintscript-helper /usr/bin/dpkg-mergechangelogs /usr/bin/dpkg-name /usr/bin/dpkg-parsechangelog /usr/bin/dpkg-query /usr/bin/dpkg-scanpackages /usr/bin/dpkg-scansources /usr/bin/dpkg-shlibdeps /usr/bin/dpkg-source /usr/bin/dpkg-split /usr/bin/dpkg-statoverride /usr/bin/dpkg-trigger /usr/bin/dpkg-vendor /usr/bin/dprofpp /usr/bin/du /usr/bin/elfedit /usr/bin/enc2xs /usr/bin/env /usr/bin/envsubst /usr/bin/eqn /usr/bin/expand /usr/bin/expiry /usr/bin/expr /usr/bin/factor /usr/bin/faillog /usr/bin/faked-sysv /usr/bin/faked-tcp /usr/bin/fakeroot /usr/bin/fakeroot-sysv /usr/bin/fakeroot-tcp /usr/bin/fallocate /usr/bin/file /usr/bin/find /usr/bin/find2perl /usr/bin/flock /usr/bin/fmt /usr/bin/fold /usr/bin/free /usr/bin/from /usr/bin/g++ /usr/bin/g++-4.6 /usr/bin/gcc /usr/bin/gcc-4.6 /usr/bin/gcov /usr/bin/gcov-4.6 /usr/bin/gencat /usr/bin/geqn /usr/bin/getconf /usr/bin/getent /usr/bin/getopt /usr/bin/gettext /usr/bin/gettext.sh /usr/bin/gettextize /usr/bin/gold /usr/bin/gpasswd /usr/bin/gpg /usr/bin/gpg-zip /usr/bin/gpgsplit /usr/bin/gpgv /usr/bin/gpic /usr/bin/gprof /usr/bin/groff /usr/bin/grog /usr/bin/grops /usr/bin/grotty /usr/bin/groups /usr/bin/gtbl /usr/bin/h2ph /usr/bin/h2xs /usr/bin/hd /usr/bin/head /usr/bin/hexdump /usr/bin/hostid /usr/bin/html2text /usr/bin/i386 /usr/bin/iconv /usr/bin/id /usr/bin/ifnames /usr/bin/infocmp /usr/bin/infotocap /usr/bin/install /usr/bin/instmodsh /usr/bin/ionice /usr/bin/ipcmk /usr/bin/ipcrm /usr/bin/ipcs /usr/bin/ischroot /usr/bin/join /usr/bin/last /usr/bin/lastb /usr/bin/lastlog /usr/bin/ld /usr/bin/ld.bfd /usr/bin/ld.gold /usr/bin/ldd /usr/bin/lexgrog /usr/bin/libnetcfg /usr/bin/line /usr/bin/link /usr/bin/linux32 /usr/bin/linux64 /usr/bin/lnstat /usr/bin/locale /usr/bin/localedef /usr/bin/lockfile-check /usr/bin/lockfile-create /usr/bin/lockfile-remove /usr/bin/lockfile-touch /usr/bin/logger /usr/bin/logname /usr/bin/look /usr/bin/lorder /usr/bin/lsattr /usr/bin/lscpu /usr/bin/lsinitramfs /usr/bin/lspgpot /usr/bin/lzmainfo /usr/bin/m4 /usr/bin/mail-lock /usr/bin/mail-touchlock /usr/bin/mail-unlock /usr/bin/make /usr/bin/man /usr/bin/mandb /usr/bin/manpath /usr/bin/mawk /usr/bin/mcookie /usr/bin/md5sum /usr/bin/md5sum.textutils /usr/bin/mesg /usr/bin/mkfifo /usr/bin/msgattrib /usr/bin/msgcat /usr/bin/msgcmp /usr/bin/msgcomm /usr/bin/msgconv /usr/bin/msgen /usr/bin/msgexec /usr/bin/msgfilter /usr/bin/msgfmt /usr/bin/msggrep /usr/bin/msginit /usr/bin/msgmerge /usr/bin/msgunfmt /usr/bin/msguniq /usr/bin/mtrace /usr/bin/namei /usr/bin/nawk /usr/bin/ncal /usr/bin/ncurses5-config /usr/bin/ncursesw5-config /usr/bin/neqn /usr/bin/newgrp /usr/bin/ngettext /usr/bin/nice /usr/bin/nl /usr/bin/nm /usr/bin/nohup /usr/bin/nproc /usr/bin/nroff /usr/bin/nstat /usr/bin/objcopy /usr/bin/objdump /usr/bin/od /usr/bin/oldfind /usr/bin/openssl /usr/bin/optipng /usr/bin/pager /usr/bin/partx /usr/bin/passwd /usr/bin/paste /usr/bin/patch /usr/bin/pathchk /usr/bin/perl /usr/bin/perl5.12.4 /usr/bin/perlbug /usr/bin/perldoc /usr/bin/perlivp /usr/bin/perlthanks /usr/bin/pg /usr/bin/pgrep /usr/bin/pic /usr/bin/piconv /usr/bin/pinky /usr/bin/pkg_create_dbgsym /usr/bin/pkgmaintainermangler /usr/bin/pkgsanitychecks /usr/bin/pkgstripfiles /usr/bin/pkgstriptranslations /usr/bin/pkill /usr/bin/pl2pm /usr/bin/pmap /usr/bin/po2debconf /usr/bin/pod2html /usr/bin/pod2latex /usr/bin/pod2man /usr/bin/pod2text /usr/bin/pod2usage /usr/bin/podchecker /usr/bin/podebconf-display-po /usr/bin/podebconf-report-po /usr/bin/podselect /usr/bin/pr /usr/bin/preconv /usr/bin/prename /usr/bin/printenv /usr/bin/printerbanner /usr/bin/printf /usr/bin/prove /usr/bin/psed /usr/bin/pstruct /usr/bin/ptar /usr/bin/ptardiff /usr/bin/ptx /usr/bin/pwdx /usr/bin/pyclean /usr/bin/pycompile /usr/bin/python /usr/bin/python2.7 /usr/bin/ranlib /usr/bin/readelf /usr/bin/recode-sr-latin /usr/bin/rename /usr/bin/rename.ul /usr/bin/renice /usr/bin/reset /usr/bin/rev /usr/bin/rgrep /usr/bin/routef /usr/bin/routel /usr/bin/rpcgen /usr/bin/rpcinfo /usr/bin/rtstat /usr/bin/runcon /usr/bin/s2p /usr/bin/savelog /usr/bin/script /usr/bin/scriptreplay /usr/bin/sdiff /usr/bin/select-editor /usr/bin/sensible-browser /usr/bin/sensible-editor /usr/bin/sensible-pager /usr/bin/seq /usr/bin/service /usr/bin/setarch /usr/bin/setsid /usr/bin/setterm /usr/bin/sg /usr/bin/sha1sum /usr/bin/sha224sum /usr/bin/sha256sum /usr/bin/sha384sum /usr/bin/sha512sum /usr/bin/shasum /usr/bin/shred /usr/bin/shuf /usr/bin/size /usr/bin/skill /usr/bin/slabtop /usr/bin/snice /usr/bin/soelim /usr/bin/sort /usr/bin/splain /usr/bin/split /usr/bin/sprof /usr/bin/stat /usr/bin/stdbuf /usr/bin/strings /usr/bin/strip /usr/bin/sum /usr/bin/tabs /usr/bin/tac /usr/bin/tail /usr/bin/taskset /usr/bin/tbl /usr/bin/tee /usr/bin/test /usr/bin/tic /usr/bin/timeout /usr/bin/tload /usr/bin/toe /usr/bin/top /usr/bin/touch /usr/bin/tput /usr/bin/tr /usr/bin/troff /usr/bin/truncate /usr/bin/tset /usr/bin/tsort /usr/bin/tty /usr/bin/tzselect /usr/bin/ul /usr/bin/unexpand /usr/bin/uniq /usr/bin/unlink /usr/bin/unshare /usr/bin/unxz /usr/bin/update-alternatives /usr/bin/uptime /usr/bin/users /usr/bin/vmstat /usr/bin/w /usr/bin/w.procps /usr/bin/wall /usr/bin/watch /usr/bin/wc /usr/bin/whatis /usr/bin/whereis /usr/bin/which /usr/bin/who /usr/bin/whoami /usr/bin/write /usr/bin/x86_64 /usr/bin/x86_64-linux-gnu-cpp /usr/bin/x86_64-linux-gnu-cpp-4.6 /usr/bin/x86_64-linux-gnu-g++ /usr/bin/x86_64-linux-gnu-g++-4.6 /usr/bin/x86_64-linux-gnu-gcc /usr/bin/x86_64-linux-gnu-gcc-4.6 /usr/bin/xargs /usr/bin/xgettext /usr/bin/xsubpp /usr/bin/xz /usr/bin/xzcat /usr/bin/xzcmp /usr/bin/xzdiff /usr/bin/xzegrep /usr/bin/xzfgrep /usr/bin/xzgrep /usr/bin/xzless /usr/bin/xzmore /usr/bin/yes /usr/bin/zdump /usr/bin/zsoelim executables
as owned by `bin', this account will not flag a warning.
<P>
Linux (notably RedHat) operating environments violate this convention
with printer (lp*) and rpm programs among others.
Changing ownership in this case may be problematic.
<PRE>










</PRE><HR>
<A NAME="path003i"><P><B>Code [path003i]</B><P>
No PATH variable could be extracted from the indicated file. This either
indicates that the PATH is not set in the file, or that the file is too
complex to be able to extract it.
<PRE>










</PRE><HR>
<A NAME="path004w"><P><B>Code [path004w]</B><P>
The PATH variable from the indicated initialization file for `root' puts `.'
(dot) in the PATH. Having dot in `root's path can allow Trojan horse
programs to be unknowingly executed by root.
<P>
References: curry/33-34
garfinkel/151-153
<PRE>










</PRE><HR>
<A NAME="path005w"><P><B>Code [path005w]</B><P>
The PATH variable from the indicated user and initialization file
contains the `.' (dot) directory, but it is not the last component.
This can cause Trojan horse programs to be executed. It is recommended
that `.' not be in the PATH (especially for `root'), but if it is included,
it should be the last directory listed in the PATH variable.
<P>
References: curry/33-34
garfinkel/151-153
<PRE>










</PRE><HR>
<A NAME="path006w"><P><B>Code [path006w]</B><P>
The indicated directory from a user's PATH variable is writable. This can
allow commands in this directory to be replaced with Trojan horse programs.
Note that this can be reported even if the directory itself does not have
group or world write permissions. This message is generated if any directory
component of the pathname is writable (the directory itself can be replaced
with a new, writable one if a directory higher up is writable).
<P>
References: curry/33-34
garfinkel/151-153
<PRE>










</PRE><HR>
<A NAME="path007w"><P><B>Code [path007w]</B><P>
The indicated directory is in `root's PATH, but is not owned by 'root'.
This can allow Trojan horse programs to be placed into any executables
in this directory. The ownership of the directory should be changed
to `root'.
<PRE>










</PRE><HR>
<A NAME="path008i"><P><B>Code [path008i]</B><P>
The indicated setuid program is in root's PATH, but is not owned by
root. Since it is setuid to a user other than root, there usually is
no solution for this. You should be aware of these though, as they
can allow Trojan horse programs or viruses to be planted into these
executables and spread by `root'. Often these executables are owned
by `bin', `uucp' or other system accounts. If these commands are
never used by root, then this is not a problem.
<PRE>










</PRE><HR>
<A NAME="path009w"><P><B>Code [path009w]</B><P>
An initial setting of the PATH variable should be setup in the default
locations for shell login programs (/etc/profile, /etc/csh.login, etc.).