Adding ~/.local/bin to default PATH
Bernd Stramm
bernd.stramm at gmail.com
Wed Jul 27 21:38:41 UTC 2011
On Wed, 27 Jul 2011 17:14:22 -0400
Genes MailLists <lists at sapience.com> wrote:
> On 07/27/2011 05:00 PM, Jesse Keating wrote:
> > On 7/27/11 1:09 PM, Reindl Harald wrote:
> >> Depends on the PATH-Order
> >>
> >> if something is intended to be first in PATH and any attacker is
> >> able to write there his "ls" would win against "/bin/ls"
> >
> > So, the attacker can write a compromised ls into .local/bin/, but
> > isn't able to modify your .bash_profile ? Seems like a stretch.
> >
>
> Yeh its a bit of a stretch - but it is a little bit easier for a
> blackhat to drop a file somewhere than to edit/replace a specific
> existing file (which could/should be rx not rwx) ... (think
> phishing) .. but still getting it to a damaging place can be more
> tricky ...
It isn't tricky at all to collect passwords like this.
>
> gene
More information about the devel
mailing list