Adding ~/.local/bin to default PATH
opensource at till.name
Thu Jul 28 16:06:20 UTC 2011
On Wed, Jul 27, 2011 at 02:00:28PM -0700, Jesse Keating wrote:
> On 7/27/11 1:09 PM, Reindl Harald wrote:
> > Depends on the PATH-Order
> > if something is intended to be first in PATH and any attacker is able
> > to write there his "ls" would win against "/bin/ls"
> So, the attacker can write a compromised ls into .local/bin/, but isn't
> able to modify your .bash_profile ? Seems like a stretch.
Such vulnerabilities/exploits existed in the past, e.g. I remember one
that allowed to create new world readable files at an arbitrary
location. It was not possible to change existing files with that
More information about the devel