Adding ~/.local/bin to default PATH
mhlavink at redhat.com
Thu Jul 28 09:41:13 UTC 2011
On 07/27/2011 10:09 PM, Reindl Harald wrote:
> Am 27.07.2011 21:59, schrieb Marc-André Lureau:
>> I don't understand the security risks. If something is allowed to
>> write to ~/.local/bin (or ~/bin etc..), then surely it's able to read
>> elsewhere or do something else nasty. Could someone detail it?
> Depends on the PATH-Order
yes, and if attacker wants to do something, there are better options
than putting 'ls' file in ~/.local/bin or ~/bin, which will be executed
only if global ls is missing. If he can put file somewhere, why don't
just write ~/.bash_profile with own content? you can change PATH,
aliases, add there 'ls' function or anything else you want...
More information about the devel