$HOME/.local/bin in $PATH

Petr Viktorin pviktori at redhat.com
Fri Nov 1 10:08:41 UTC 2013


On 11/01/2013 10:48 AM, Reindl Harald wrote:
> Am 01.11.2013 10:38, schrieb drago01:
>> On Fri, Nov 1, 2013 at 10:26 AM, Andrew Haley <aph at redhat.com> wrote:
>>> On 10/30/2013 10:27 AM, Alec Leamas wrote:
>>>> On 2013-10-30 11:23, Reindl Harald wrote:
>>>>> Am 30.10.2013 11:20, schrieb Alec Leamas:
>>>>>> On 2013-10-30 10:58, Reindl Harald wrote:
>>>>>>> Am 30.10.2013 10:53, schrieb Alec Leamas:
>>>>>>>> Some kind of reference for the bad in having a well-known, hidden directory in the path?
>>>>>>> the *writeable for the user* is the problem
>>>>>> Any reference for this problem?
>>>>> what about considering the implications?
>>>>> do you really need a written reference for any security relevant fact?
>>>>> i can write one for you if you prefer links :-)
>>>>>
>>>> Well, the question is really if someone else out there shares your
>>>> concerns about this.
>>>
>>> Why does it matter?  A hidden directory in everyone's path is obviously
>>> useful to an attacker, and (IMO) more useful to an attacker than to a user.
>>
>> The attacker needs to be able to write to your home directory to take
>> advantage of it.
>> And if he can do that (you lost) he has numerous other ways of doing it
>
> so the people who decided not to put the current directory in the
> PATH on Unix *for security reasons* decades ago must be
> fools, and if you had been born when this happened you
> would have told them "forget it, in that case you are lost"

Was that even for security reasons?
Anyway, how is this relevant to this discussion? How does a static, 
well-known (maybe not to you so far) bin directory compare to the danger 
of . in PATH and, say, a rootkit in /tmp/cp?

> heroic attitude :-)
>
> *yes* you have lost and in doubt in this situation the
> interesting thing is how large the impact becomes

Users of a multi-user system get to customize their system without 
having to bother a sysadmin, and without seeing the technical details of 
how that's accomplished mixed with their ~/Photos and ~/Documents.

What impact did *you* have in mind?

-- 
Petr³
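A defender's check for the PATH properties argued over in this thread (relative and empty components like `.`, directories that do not exist yet, world- or group-writable directories such as /tmp, and entries under $HOME that the account itself can write to). This is an added example, not code from the thread or from Fedora; the function names path_entry_issue and audit_path are assumptions, and it relies on GNU stat -c.

```shell
#!/bin/sh
# Added example: audit PATH components for the risks discussed above.
# Assumed function names: path_entry_issue, audit_path.
# Requires GNU stat (-c); on BSD/macOS use: stat -f '%OLp %u' "$dir".

# Print one line saying why a single PATH component is risky,
# or nothing if it looks safe.
path_entry_issue() {
  dir=$1
  case "$dir" in
    "") echo "empty component (searched like '.')"; return 0 ;;
    /*) ;;
    *)  echo "relative component '$dir' (depends on the cwd)"; return 0 ;;
  esac
  if [ ! -d "$dir" ]; then
    echo "missing directory (whoever creates it first wins)"; return 0
  fi
  set -- $(stat -c '%a %u' "$dir") || return 0
  perms=$1; owner=$2
  other=${perms#"${perms%?}"}           # last octal digit: others
  grp=${perms%?}; grp=${grp#"${grp%?}"} # second-to-last digit: group
  if [ $((other & 2)) -ne 0 ]; then
    echo "world-writable (mode $perms), anyone can drop a binary here"
  elif [ $((grp & 2)) -ne 0 ]; then
    echo "group-writable (mode $perms)"
  elif [ "$owner" != 0 ] && [ "$owner" != "$(id -u)" ]; then
    echo "owned by uid $owner, who controls what runs from it"
  fi
  return 0
}

# Walk every component of a PATH string (default: the current $PATH).
# WARN lines are findings; INFO marks entries under $HOME, which are
# writable by the account itself (the case debated in this thread).
audit_path() {
  rest="${1:-$PATH}:"            # trailing ':' keeps an empty last entry
  while [ -n "$rest" ]; do
    entry=${rest%%:*}; rest=${rest#*:}
    issue=$(path_entry_issue "$entry")
    if [ -n "$issue" ]; then
      printf 'WARN %s: %s\n' "${entry:-<empty>}" "$issue"
    else
      case "$entry" in
        "$HOME"/*) printf 'INFO %s: under $HOME, user-writable\n' "$entry" ;;
      esac
    fi
  done
  return 0
}

audit_path "$PATH"
```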


