/usr/lib/tiger/html/paths.html is in tiger 1:3.2.3-8.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 | <HR><PRE>
</PRE><HR>
<CENTER><H2> Documents for paths</H2></CENTER>
<A NAME="path001w"><P><B>Code [path001w]</B><P>
The indicated file is in root's PATH, and is group writable, world
writable or both. This can allow Trojan horse programs or viruses to be
planted into these executables and spread by `root'. The group
and world write permissions should be removed.
<PRE>
</PRE><HR>
<A NAME="path002w"><P><B>Code [path002w]</B><P>
The indicated file is in root's PATH, but is not owned by root. This
can allow Trojan horse programs or viruses to be planted into these
executables and spread by `root'. Often these executables are owned by
`bin', `uucp' or other system accounts. If these commands are never
used by root, then this is not a problem. If they are, you should
consider changing the owner to `root'. Because of SMI's recent decision
to install most /usr/sbin/accessdb /usr/sbin/add-shell /usr/sbin/addgroup /usr/sbin/adduser /usr/sbin/arpd /usr/sbin/chgpasswd /usr/sbin/chpasswd /usr/sbin/chroot /usr/sbin/cpgr /usr/sbin/cppw /usr/sbin/cytune /usr/sbin/delgroup /usr/sbin/deluser /usr/sbin/dpkg-divert /usr/sbin/dpkg-preconfigure /usr/sbin/dpkg-reconfigure /usr/sbin/dpkg-statoverride /usr/sbin/e2freefrag /usr/sbin/fdformat /usr/sbin/filefrag /usr/sbin/groupadd /usr/sbin/groupdel /usr/sbin/groupmod /usr/sbin/grpck /usr/sbin/grpconv /usr/sbin/grpunconv /usr/sbin/iconvconfig /usr/sbin/install-info /usr/sbin/invoke-rc.d /usr/sbin/ldattach /usr/sbin/locale-gen /usr/sbin/mkinitramfs /usr/sbin/mklost+found /usr/sbin/newusers /usr/sbin/nologin /usr/sbin/pam-auth-update /usr/sbin/pam_getenv /usr/sbin/policy-rc.d /usr/sbin/pwck /usr/sbin/pwconv /usr/sbin/pwunconv /usr/sbin/readprofile /usr/sbin/remove-shell /usr/sbin/rmt /usr/sbin/rmt-tar /usr/sbin/rtcwake /usr/sbin/service /usr/sbin/tunelp /usr/sbin/tzconfig /usr/sbin/update-alternatives /usr/sbin/update-bootsystem-insserv /usr/sbin/update-ca-certificates /usr/sbin/update-initramfs /usr/sbin/update-locale /usr/sbin/update-passwd /usr/sbin/update-rc.d /usr/sbin/update-rc.d-insserv /usr/sbin/useradd /usr/sbin/userdel /usr/sbin/usermod /usr/sbin/validlocale /usr/sbin/vigr /usr/sbin/vipw /usr/sbin/zg-policy-rc.d /usr/sbin/zic and /usr/bin/[ /usr/bin/a2p /usr/bin/addpart /usr/bin/addr2line /usr/bin/advdef /usr/bin/advmng /usr/bin/advpng /usr/bin/advzip /usr/bin/apropos /usr/bin/apt-cache /usr/bin/apt-cdrom /usr/bin/apt-config /usr/bin/apt-get /usr/bin/apt-key /usr/bin/apt-mark /usr/bin/ar /usr/bin/arch /usr/bin/as /usr/bin/autoconf /usr/bin/autoheader /usr/bin/autom4te /usr/bin/autoreconf /usr/bin/autoscan /usr/bin/autoupdate /usr/bin/awk /usr/bin/base64 /usr/bin/basename /usr/bin/bashbug /usr/bin/bsd-from /usr/bin/bsd-write /usr/bin/c++ /usr/bin/c++filt /usr/bin/c2ph /usr/bin/c89 /usr/bin/c89-gcc /usr/bin/c99 /usr/bin/c99-gcc /usr/bin/c_rehash /usr/bin/cal /usr/bin/calendar /usr/bin/captoinfo /usr/bin/catchsegv /usr/bin/catman /usr/bin/cc /usr/bin/chage /usr/bin/chattr /usr/bin/chcon /usr/bin/chfn /usr/bin/chkdupexe /usr/bin/chrt /usr/bin/chsh /usr/bin/cksum /usr/bin/clear /usr/bin/clear_console /usr/bin/cmp /usr/bin/col /usr/bin/colcrt /usr/bin/colrm /usr/bin/column /usr/bin/comm /usr/bin/config_data /usr/bin/corelist /usr/bin/cpan /usr/bin/cpan2dist /usr/bin/cpanp /usr/bin/cpanp-run-perl /usr/bin/cpp /usr/bin/cpp-4.6 /usr/bin/csplit /usr/bin/csslint-0.6 /usr/bin/ctstat /usr/bin/cut /usr/bin/ddate /usr/bin/debconf /usr/bin/debconf-apt-progress /usr/bin/debconf-communicate /usr/bin/debconf-copydb /usr/bin/debconf-escape /usr/bin/debconf-gettextize /usr/bin/debconf-set-selections /usr/bin/debconf-show /usr/bin/debconf-updatepo /usr/bin/delpart /usr/bin/dh /usr/bin/dh_apparmor /usr/bin/dh_auto_build /usr/bin/dh_auto_clean /usr/bin/dh_auto_configure /usr/bin/dh_auto_install /usr/bin/dh_auto_test /usr/bin/dh_bugfiles /usr/bin/dh_builddeb /usr/bin/dh_clean /usr/bin/dh_compress /usr/bin/dh_desktop /usr/bin/dh_fixperms /usr/bin/dh_gconf /usr/bin/dh_gencontrol /usr/bin/dh_icons /usr/bin/dh_install /usr/bin/dh_installcatalogs /usr/bin/dh_installchangelogs /usr/bin/dh_installcron /usr/bin/dh_installdeb /usr/bin/dh_installdebconf /usr/bin/dh_installdirs /usr/bin/dh_installdocs /usr/bin/dh_installemacsen /usr/bin/dh_installexamples /usr/bin/dh_installgsettings /usr/bin/dh_installifupdown /usr/bin/dh_installinfo /usr/bin/dh_installinit /usr/bin/dh_installlogcheck /usr/bin/dh_installlogrotate /usr/bin/dh_installman /usr/bin/dh_installmanpages /usr/bin/dh_installmenu /usr/bin/dh_installmime /usr/bin/dh_installmodules /usr/bin/dh_installpam /usr/bin/dh_installppp /usr/bin/dh_installudev /usr/bin/dh_installwm /usr/bin/dh_installxfonts /usr/bin/dh_link /usr/bin/dh_lintian /usr/bin/dh_listpackages /usr/bin/dh_makeshlibs /usr/bin/dh_md5sums /usr/bin/dh_movefiles /usr/bin/dh_perl /usr/bin/dh_prep /usr/bin/dh_python /usr/bin/dh_scrollkeeper /usr/bin/dh_shlibdeps /usr/bin/dh_strip /usr/bin/dh_strip.pkg-create-dbgsym /usr/bin/dh_suidregister /usr/bin/dh_testdir /usr/bin/dh_testroot /usr/bin/dh_ucf /usr/bin/dh_undocumented /usr/bin/dh_usrlocal /usr/bin/diff /usr/bin/diff3 /usr/bin/dircolors /usr/bin/dirname /usr/bin/dotlockfile /usr/bin/dpkg /usr/bin/dpkg-architecture /usr/bin/dpkg-buildflags /usr/bin/dpkg-buildpackage /usr/bin/dpkg-checkbuilddeps /usr/bin/dpkg-deb /usr/bin/dpkg-deb.pkgbinarymangler /usr/bin/dpkg-distaddfile /usr/bin/dpkg-divert /usr/bin/dpkg-genchanges /usr/bin/dpkg-gencontrol /usr/bin/dpkg-gensymbols /usr/bin/dpkg-maintscript-helper /usr/bin/dpkg-mergechangelogs /usr/bin/dpkg-name /usr/bin/dpkg-parsechangelog /usr/bin/dpkg-query /usr/bin/dpkg-scanpackages /usr/bin/dpkg-scansources /usr/bin/dpkg-shlibdeps /usr/bin/dpkg-source /usr/bin/dpkg-split /usr/bin/dpkg-statoverride /usr/bin/dpkg-trigger /usr/bin/dpkg-vendor /usr/bin/dprofpp /usr/bin/du /usr/bin/elfedit /usr/bin/enc2xs /usr/bin/env /usr/bin/envsubst /usr/bin/eqn /usr/bin/expand /usr/bin/expiry /usr/bin/expr /usr/bin/factor /usr/bin/faillog /usr/bin/faked-sysv /usr/bin/faked-tcp /usr/bin/fakeroot /usr/bin/fakeroot-sysv /usr/bin/fakeroot-tcp /usr/bin/fallocate /usr/bin/file /usr/bin/find /usr/bin/find2perl /usr/bin/flock /usr/bin/fmt /usr/bin/fold /usr/bin/free /usr/bin/from /usr/bin/g++ /usr/bin/g++-4.6 /usr/bin/gcc /usr/bin/gcc-4.6 /usr/bin/gcov /usr/bin/gcov-4.6 /usr/bin/gencat /usr/bin/geqn /usr/bin/getconf /usr/bin/getent /usr/bin/getopt /usr/bin/gettext /usr/bin/gettext.sh /usr/bin/gettextize /usr/bin/gold /usr/bin/gpasswd /usr/bin/gpg /usr/bin/gpg-zip /usr/bin/gpgsplit /usr/bin/gpgv /usr/bin/gpic /usr/bin/gprof /usr/bin/groff /usr/bin/grog /usr/bin/grops /usr/bin/grotty /usr/bin/groups /usr/bin/gtbl /usr/bin/h2ph /usr/bin/h2xs /usr/bin/hd /usr/bin/head /usr/bin/hexdump /usr/bin/hostid /usr/bin/html2text /usr/bin/i386 /usr/bin/iconv /usr/bin/id /usr/bin/ifnames /usr/bin/infocmp /usr/bin/infotocap /usr/bin/install /usr/bin/instmodsh /usr/bin/ionice /usr/bin/ipcmk /usr/bin/ipcrm /usr/bin/ipcs /usr/bin/ischroot /usr/bin/join /usr/bin/last /usr/bin/lastb /usr/bin/lastlog /usr/bin/ld /usr/bin/ld.bfd /usr/bin/ld.gold /usr/bin/ldd /usr/bin/lexgrog /usr/bin/libnetcfg /usr/bin/line /usr/bin/link /usr/bin/linux32 /usr/bin/linux64 /usr/bin/lnstat /usr/bin/locale /usr/bin/localedef /usr/bin/lockfile-check /usr/bin/lockfile-create /usr/bin/lockfile-remove /usr/bin/lockfile-touch /usr/bin/logger /usr/bin/logname /usr/bin/look /usr/bin/lorder /usr/bin/lsattr /usr/bin/lscpu /usr/bin/lsinitramfs /usr/bin/lspgpot /usr/bin/lzmainfo /usr/bin/m4 /usr/bin/mail-lock /usr/bin/mail-touchlock /usr/bin/mail-unlock /usr/bin/make /usr/bin/man /usr/bin/mandb /usr/bin/manpath /usr/bin/mawk /usr/bin/mcookie /usr/bin/md5sum /usr/bin/md5sum.textutils /usr/bin/mesg /usr/bin/mkfifo /usr/bin/msgattrib /usr/bin/msgcat /usr/bin/msgcmp /usr/bin/msgcomm /usr/bin/msgconv /usr/bin/msgen /usr/bin/msgexec /usr/bin/msgfilter /usr/bin/msgfmt /usr/bin/msggrep /usr/bin/msginit /usr/bin/msgmerge /usr/bin/msgunfmt /usr/bin/msguniq /usr/bin/mtrace /usr/bin/namei /usr/bin/nawk /usr/bin/ncal /usr/bin/ncurses5-config /usr/bin/ncursesw5-config /usr/bin/neqn /usr/bin/newgrp /usr/bin/ngettext /usr/bin/nice /usr/bin/nl /usr/bin/nm /usr/bin/nohup /usr/bin/nproc /usr/bin/nroff /usr/bin/nstat /usr/bin/objcopy /usr/bin/objdump /usr/bin/od /usr/bin/oldfind /usr/bin/openssl /usr/bin/optipng /usr/bin/pager /usr/bin/partx /usr/bin/passwd /usr/bin/paste /usr/bin/patch /usr/bin/pathchk /usr/bin/perl /usr/bin/perl5.12.4 /usr/bin/perlbug /usr/bin/perldoc /usr/bin/perlivp /usr/bin/perlthanks /usr/bin/pg /usr/bin/pgrep /usr/bin/pic /usr/bin/piconv /usr/bin/pinky /usr/bin/pkg_create_dbgsym /usr/bin/pkgmaintainermangler /usr/bin/pkgsanitychecks /usr/bin/pkgstripfiles /usr/bin/pkgstriptranslations /usr/bin/pkill /usr/bin/pl2pm /usr/bin/pmap /usr/bin/po2debconf /usr/bin/pod2html /usr/bin/pod2latex /usr/bin/pod2man /usr/bin/pod2text /usr/bin/pod2usage /usr/bin/podchecker /usr/bin/podebconf-display-po /usr/bin/podebconf-report-po /usr/bin/podselect /usr/bin/pr /usr/bin/preconv /usr/bin/prename /usr/bin/printenv /usr/bin/printerbanner /usr/bin/printf /usr/bin/prove /usr/bin/psed /usr/bin/pstruct /usr/bin/ptar /usr/bin/ptardiff /usr/bin/ptx /usr/bin/pwdx /usr/bin/pyclean /usr/bin/pycompile /usr/bin/python /usr/bin/python2.7 /usr/bin/ranlib /usr/bin/readelf /usr/bin/recode-sr-latin /usr/bin/rename /usr/bin/rename.ul /usr/bin/renice /usr/bin/reset /usr/bin/rev /usr/bin/rgrep /usr/bin/routef /usr/bin/routel /usr/bin/rpcgen /usr/bin/rpcinfo /usr/bin/rtstat /usr/bin/runcon /usr/bin/s2p /usr/bin/savelog /usr/bin/script /usr/bin/scriptreplay /usr/bin/sdiff /usr/bin/select-editor /usr/bin/sensible-browser /usr/bin/sensible-editor /usr/bin/sensible-pager /usr/bin/seq /usr/bin/service /usr/bin/setarch /usr/bin/setsid /usr/bin/setterm /usr/bin/sg /usr/bin/sha1sum /usr/bin/sha224sum /usr/bin/sha256sum /usr/bin/sha384sum /usr/bin/sha512sum /usr/bin/shasum /usr/bin/shred /usr/bin/shuf /usr/bin/size /usr/bin/skill /usr/bin/slabtop /usr/bin/snice /usr/bin/soelim /usr/bin/sort /usr/bin/splain /usr/bin/split /usr/bin/sprof /usr/bin/stat /usr/bin/stdbuf /usr/bin/strings /usr/bin/strip /usr/bin/sum /usr/bin/tabs /usr/bin/tac /usr/bin/tail /usr/bin/taskset /usr/bin/tbl /usr/bin/tee /usr/bin/test /usr/bin/tic /usr/bin/timeout /usr/bin/tload /usr/bin/toe /usr/bin/top /usr/bin/touch /usr/bin/tput /usr/bin/tr /usr/bin/troff /usr/bin/truncate /usr/bin/tset /usr/bin/tsort /usr/bin/tty /usr/bin/tzselect /usr/bin/ul /usr/bin/unexpand /usr/bin/uniq /usr/bin/unlink /usr/bin/unshare /usr/bin/unxz /usr/bin/update-alternatives /usr/bin/uptime /usr/bin/users /usr/bin/vmstat /usr/bin/w /usr/bin/w.procps /usr/bin/wall /usr/bin/watch /usr/bin/wc /usr/bin/whatis /usr/bin/whereis /usr/bin/which /usr/bin/who /usr/bin/whoami /usr/bin/write /usr/bin/x86_64 /usr/bin/x86_64-linux-gnu-cpp /usr/bin/x86_64-linux-gnu-cpp-4.6 /usr/bin/x86_64-linux-gnu-g++ /usr/bin/x86_64-linux-gnu-g++-4.6 /usr/bin/x86_64-linux-gnu-gcc /usr/bin/x86_64-linux-gnu-gcc-4.6 /usr/bin/xargs /usr/bin/xgettext /usr/bin/xsubpp /usr/bin/xz /usr/bin/xzcat /usr/bin/xzcmp /usr/bin/xzdiff /usr/bin/xzegrep /usr/bin/xzfgrep /usr/bin/xzgrep /usr/bin/xzless /usr/bin/xzmore /usr/bin/yes /usr/bin/zdump /usr/bin/zsoelim executables
as owned by `bin', this account will not flag a warning.
<P>
Linux (notably RedHat) operating environments violate this convention
with printer (lp*) and rpm programs among others.
Changing ownership in this case may be problematic.
<PRE>
</PRE><HR>
<A NAME="path003i"><P><B>Code [path003i]</B><P>
No PATH variable could be extracted from the indicated file. This either
indicates that the PATH is not set in the file, or that the file is too
complex to be able to extract it.
<PRE>
</PRE><HR>
<A NAME="path004w"><P><B>Code [path004w]</B><P>
The PATH variable from the indicated initialization file for `root' puts `.'
(dot) in the PATH. Having dot in `root's path can allow Trojan horse
programs to be unknowingly executed by root.
<P>
References: curry/33-34
garfinkel/151-153
<PRE>
</PRE><HR>
<A NAME="path005w"><P><B>Code [path005w]</B><P>
The PATH variable from the indicated user and initialization file
contains the `.' (dot) directory, but it is not the last component.
This can cause Trojan horse programs to be executed. It is recommended
that `.' not be in the PATH (especially for `root'), but if it is included,
it should be the last directory listed in the PATH variable.
<P>
References: curry/33-34
garfinkel/151-153
<PRE>
</PRE><HR>
<A NAME="path006w"><P><B>Code [path006w]</B><P>
The indicated directory from a user's PATH variable is writable. This can
allow commands in this directory to be replaced with Trojan horse programs.
Note that this can be reported even if the directory itself does not have
group or world write permissions. This message is generated if any directory
component of the pathname is writable (the directory itself can be replaced
with a new, writable one if a directory higher up is writable).
<P>
References: curry/33-34
garfinkel/151-153
<PRE>
</PRE><HR>
<A NAME="path007w"><P><B>Code [path007w]</B><P>
The indicated directory is in `root's PATH, but is not owned by 'root'.
This can allow Trojan horse programs to be placed into any executables
in this directory. The ownership of the directory should be changed
to `root'.
<PRE>
</PRE><HR>
<A NAME="path008i"><P><B>Code [path008i]</B><P>
The indicated setuid program is in root's PATH, but is not owned by
root. Since it is setuid to a user other than root, there usually is
no solution for this. You should be aware of these though, as they
can allow Trojan horse programs or viruses to be planted into these
executables and spread by `root'. Often these executables are owned
by `bin', `uucp' or other system accounts. If these commands are
never used by root, then this is not a problem.
<PRE>
</PRE><HR>
<A NAME="path009w"><P><B>Code [path009w]</B><P>
An initial setting of the PATH variable should be setup in the default
locations for shell login programs (/etc/profile, /etc/csh.login, etc.).
|