Adding ~/.local/bin to default PATH

Michal Hlavinka mhlavink at redhat.com
Thu Jul 28 09:41:13 UTC 2011


On 07/27/2011 10:09 PM, Reindl Harald wrote:
>
>
> Am 27.07.2011 21:59, schrieb Marc-André Lureau:
>> I don't understand the security risks. If something is allowed to
>> write to ~/.local/bin (or ~/bin etc..), then surely it's able to read
>> elsewhere or do something else nasty. Could someone detail it?
>
> Depends on the PATH-Order

yes, and if attacker wants to do something, there are better options 
than putting 'ls' file in ~/.local/bin or ~/bin, which will be executed 
only if global ls is missing. If he can put file somewhere, why don't 
just write ~/.bash_profile with own content? you can change PATH, 
aliases, add there 'ls' function or anything else you want...


More information about the devel mailing list