On Tue, Jun 12, 2018 at 10:20:46AM -0700, Howard Howell wrote:
I haven't followed all of this thread, too self busy. However
there is
a security argument. If you have a local executable directory, then
the capability for malicious software to attach is wide open for that
user, whatever their privelege level might be.
Most businesses that have linux in their suite, won't want a ~/.bin
anywhere in their organization.
If a malicious attacker have privileges to create/modify $HOME/.bin/foo,
then they will also have privileges to modify $HOME/.bashrc to add any
directory they wish to $PATH. So that security argument doesn't hold water.
Regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|