Adding ~/.local/bin to default PATH

Reindl Harald h.reindl at thelounge.net
Wed Jul 27 20:09:35 UTC 2011



On 27.07.2011 21:59, Marc-André Lureau wrote:
> I don't understand the security risks. If something is allowed to
> write to ~/.local/bin (or ~/bin etc..), then surely it's able to read
> elsewhere or do something else nasty. Could someone detail it?

Depends on the PATH order

if something is intended to be first in PATH and any attacker is able
to write there, his "ls" would win against "/bin/ls"
________

independent of this:

if you have a package NOT INSTALLED, the binary does not exist and
the bin-dir in the user folder will win. if you read any article
and find a useful command which you have not installed, and somebody
has placed a vulnerable binary in your userhome, it will be executed
instead of "command not found", and possibly very long after it was placed



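Both cases described in this message (a user-directory binary that comes first in PATH, and one that exists only in the user directory) can be audited on a given system. The function below is an added example, not part of the original message or of any Fedora tooling; the name `audit_path` is made up here, and it assumes every PATH entry under the given home directory is user-writable.

```shell
#!/bin/sh
# Added example. Assumption: every PATH entry under the given home
# directory counts as user-writable; all other entries count as system dirs.
# Usage: audit_path "$PATH" "$HOME"
# Output, one line per executable found in a home-directory PATH entry:
#   SHADOW <user file> <system file>   user copy comes first in PATH and wins
#   ONLY   <user file> -               no system copy exists, so the user copy
#                                      runs instead of "command not found"
audit_path() {
    path_str=$1
    home=${2%/}
    old_ifs=$IFS
    IFS=:
    set -f                      # split on ':' without glob expansion
    set -- $path_str
    set +f
    IFS=$old_ifs
    i=0
    for dir in "$@"; do
        i=$((i + 1))
        case $dir/ in "$home"/*) ;; *) continue ;; esac
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            verdict=ONLY
            other=-
            j=0
            # The first system directory that provides $name decides the outcome.
            for d2 in "$@"; do
                j=$((j + 1))
                case $d2/ in "$home"/*) continue ;; esac
                [ -f "$d2/$name" ] && [ -x "$d2/$name" ] || continue
                other=$d2/$name
                if [ "$j" -lt "$i" ]; then verdict=LOSES; else verdict=SHADOW; fi
                break
            done
            # A user copy that sits after the system copy never runs; skip it.
            if [ "$verdict" != LOSES ]; then
                printf '%s %s %s\n' "$verdict" "$f" "$other"
            fi
        done
    done
    return 0
}
```

With the home directory listed after the system directories, only the `ONLY` lines remain, which is the second case from the message.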