Adding ~/.local/bin to default PATH

Reindl Harald h.reindl at thelounge.net
Wed Jul 27 21:36:12 UTC 2011



On 27.07.2011 23:00, Jesse Keating wrote:
> On 7/27/11 1:09 PM, Reindl Harald wrote:
>> Depends on the PATH-Order
>>
>> if something is intended to be first in PATH and any attacker is able
>> to write there his "ls" would win against "/bin/ls"
> 
> So, the attacker can write a compromised ls into .local/bin/, but isn't 
> able to modify your .bash_profile ?  Seems like a stretch

you are missing important rules of security:

* NOTHING is 100% secure
* make it as difficult as possible for attackers

it is a huge difference if an attacker has only to drop a file
somewhere while bypassing any vulnerable application to be
successful or if he has to edit/overwrite an existing file TOO

mostly he has only ONE successful attempt to do anything, is
very limited what he can really do and gets no feedback, so
if you are vulnerable with ONE BLIND shot you are wide open
compared with a bundle of needed actions, even if an attacker
could do the whole bundle of needed actions -> if he
forgets ANYTHING he will have no access, if only one action
needed you are f**ed

that is how security most of the time works -> not make anything
100% secure, but make it as difficult as possible!


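The PATH-order concern discussed in this message can be checked on a given system. The following is an added example, not part of the original thread: a POSIX shell audit that reports every command in a user-writable PATH directory that would win over a same-named command in a later PATH entry. The function name shadowed_commands is hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): audit PATH order for shadowed commands.
#
# shadowed_commands PATH_STRING
#   Prints "name<TAB>winning_path<TAB>shadowed_path" for each executable that
#   sits in a directory writable by the current user and hides an executable
#   of the same name found in a later PATH entry.
shadowed_commands() {
    path_string=$1
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ':'
    # shellcheck disable=SC2086
    set -- $path_string         # positional parameters = PATH entries, in order
    set +f
    IFS=$old_ifs

    # The last entry cannot shadow anything, so stop when one entry remains.
    while [ "$#" -gt 1 ]; do
        dir=$1
        shift                   # "$@" now holds only the entries after $dir
        # Only directories the current user can write to are of interest.
        if [ -d "$dir" ] && [ -w "$dir" ]; then
            for candidate in "$dir"/*; do
                [ -f "$candidate" ] && [ -x "$candidate" ] || continue
                name=${candidate##*/}
                for later in "$@"; do
                    if [ -x "$later/$name" ] && [ ! -d "$later/$name" ]; then
                        printf '%s\t%s\t%s\n' "$name" "$candidate" "$later/$name"
                        break   # report only the first command being hidden
                    fi
                done
            done
        fi
    done
}

# Audit the PATH given as first argument, or the current PATH by default.
shadowed_commands "${1:-$PATH}"
```

Any line of output names a command whose lookup is decided by a directory the current user can write to. When run as root, every directory counts as writable.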