On 2013-10-30 10:58, Reindl Harald wrote:
> On 30.10.2013 10:53, Alec Leamas wrote:
>> On 2013-10-30 10:23, Reindl Harald wrote:
>>> On 30.10.2013 02:03, Chris Adams wrote:
>>>> Once upon a time, Reindl Harald <h.reindl(a)thelounge.net> said:
>>>>> [root@srv-rhsoft:~]$ mkdir test
>>>>> i could rm -rf ~/ here
>>>>>
>>>>> [root@srv-rhsoft:~]$ cat /usr/local/bin/mkdir
>>>>> #!/bin/bash
>>>>> echo "i could rm -rf ~/ here"
>>>> If I can write to files you own, it doesn't matter if there's a
>>>> directory in the PATH or not. I can write this to your .bash_profile:
>>>>
>>>> /bin/mkdir $HOME/.bin 2> /dev/null
>>>> echo 'echo "i could rm -rf ~/ here"' > $HOME/.bin/mkdir
>>>> chmod +x $HOME/.bin/mkdir
>>>> PATH=$HOME/.bin:$PATH
>>> you can do this and that - but that's no valid argumentation
>>> doing bad things in default setups and *at least* do not
>>> place *hidden* directories there, there is a good reason why
>>> software like rkhunter alerts if you have hidden directories
>>> somewhere in /usr/bin/
>>>
>> Some kind of reference for the bad in having a well-known, hidden directory in the path?
> the *writeable for the user* is the problem
Any reference for this problem?
--alec
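
An added example, not part of the thread and not written by any of its participants: a small POSIX sh audit for the condition argued about above, a user-writable or hidden directory sitting ahead of system directories in PATH. The function name `audit_path` and its output format are this example's own choices.

```shell
#!/bin/sh
# Audit a PATH string for the two conditions debated in this thread:
# directories the invoking user can write to, and hidden (dot-prefixed)
# directories. For writable directories, also list commands that hide a
# same-named command found later in the PATH.
# Run as the unprivileged user being checked: as root, every directory
# tests as writable.
# Output, one finding per line:
#   WRITABLE <dir>
#   HIDDEN <dir>
#   SHADOW <file> hides <later file>
audit_path() {
    # Split on ':' with globbing off so entries are taken literally.
    old_ifs=$IFS
    set -f; IFS=:
    set -- $1
    IFS=$old_ifs; set +f

    while [ $# -gt 0 ]; do
        dir=$1
        shift                   # "$@" now holds only the later entries
        if [ ! -d "$dir" ]; then continue; fi

        # Any path component starting with a dot counts as hidden.
        case "/$dir" in
            */.*) echo "HIDDEN $dir" ;;
        esac

        if [ ! -w "$dir" ]; then continue; fi
        echo "WRITABLE $dir"

        for file in "$dir"/*; do
            if [ ! -f "$file" ] || [ ! -x "$file" ]; then continue; fi
            name=${file##*/}
            for later in "$@"; do
                if [ -f "$later/$name" ] && [ -x "$later/$name" ]; then
                    echo "SHADOW $file hides $later/$name"
                    break
                fi
            done
        done
    done
    return 0
}

# Default to the caller's own PATH; pass another PATH string as $1.
audit_path "${1:-$PATH}"
```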