User-level instance of /bin in PATH
Braden McDaniel
braden at endoframe.com
Thu Jul 28 03:38:41 UTC 2011
On Wed, 2011-07-27 at 09:11 +0200, Nicolas Mailhot wrote:
> Le mercredi 27 juillet 2011 à 00:01 -0400, Braden McDaniel a écrit :
>
> > Can someone explain (or point to) the rationale appending these to PATH
> > rather than prepending them? I would have expected user binaries to
> > supersede system ones.
>
> Security. You can do all kinds of mischief by overriding an (audited)
> system command with a user-level command (even appending is IMHO
> borderline dangerous till the usual infection/attack vectors, MUAs &
> browsers have not been taught to triple-check and flag anything going
> there)
Oh. So, user account-level security for user accounts that have already
been compromised.
Right. Say no more.
--
Braden McDaniel <braden at endoframe.com>
More information about the devel
mailing list