This check ensures that the current working directory (“.”) is not included in the executable path of the root user. Ensuring this prevents a malicious user from escalating privileges to superuser by forcing an administrator logged in as root from running a Trojan horse that may be installed in the current working directory.
description: "This check makes sure that root's $PATH variable does not contain any relative path."
This check reports all the world/group writeable directories in root users PATH variable. All directories returned by this check should be carefully examined and unnecessary world/group writeable permissions on directories should be removed as follows:
# chmod go-w path/to/directory
description: "This check makes sure that root's $PATH variable does not contain any writeable directory."