Adding ~/.local/bin to default PATH

Michal Hlavinka mhlavink at
Thu Jul 28 09:41:13 UTC 2011

On 07/27/2011 10:09 PM, Reindl Harald wrote:
> Am 27.07.2011 21:59, schrieb Marc-André Lureau:
>> I don't understand the security risks. If something is allowed to
>> write to ~/.local/bin (or ~/bin etc..), then surely it's able to read
>> elsewhere or do something else nasty. Could someone detail it?
> Depends on the PATH-Order

yes, and if attacker wants to do something, there are better options 
than putting 'ls' file in ~/.local/bin or ~/bin, which will be executed 
only if global ls is missing. If he can put file somewhere, why don't 
just write ~/.bash_profile with own content? you can change PATH, 
aliases, add there 'ls' function or anything else you want...

More information about the devel mailing list