Adding ~/.local/bin to default PATH
Genes MailLists
lists at sapience.com
Wed Jul 27 21:14:22 UTC 2011
On 07/27/2011 05:00 PM, Jesse Keating wrote:
> On 7/27/11 1:09 PM, Reindl Harald wrote:
>> Depends on the PATH-Order
>>
>> if something is intended to be first in PATH and any attacker is able
>> to write there his "ls" would win against "/bin/ls"
>
> So, the attacker can write a compromised ls into .local/bin/, but isn't
> able to modify your .bash_profile ? Seems like a stretch.
>
Yeh its a bit of a stretch - but it is a little bit easier for a
blackhat to drop a file somewhere than to edit/replace a specific
existing file (which could/should be rx not rwx) ... (think phishing) ..
but still getting it to a damaging place can be more tricky ...
gene
More information about the devel
mailing list