Adding ~/.local/bin to default PATH
Till Maas
opensource at till.name
Thu Jul 28 16:06:20 UTC 2011
On Wed, Jul 27, 2011 at 02:00:28PM -0700, Jesse Keating wrote:
> On 7/27/11 1:09 PM, Reindl Harald wrote:
> > Depends on the PATH-Order
> >
> > if something is intended to be first in PATH and any attacker is able
> > to write there his "ls" would win against "/bin/ls"
>
> So, the attacker can write a compromised ls into .local/bin/, but isn't
> able to modify your .bash_profile ? Seems like a stretch.
Such vulnerabilities/exploits existed in the past, e.g. I remember one
that allowed to create new world readable files at an arbitrary
location. It was not possible to change existing files with that
exploit.
Regards
Till
More information about the devel
mailing list