Adding ~/.local/bin to default PATH

[Bryn M. Reeves]

On 07/27/2011 03:14 PM, Bernd Stramm wrote:
> On Wed, 27 Jul 2011 15:54:09 +0200
> Lennart Poettering <mzerqung at 0pointer.de> wrote:
>> If you don't hide ~/.local and ~/.config then users who are less savvy
>> than us might wonder what thzat stuff is and delete it and nothing
>> will stop them and then all their configuration is lost.
> 
> Hiding configuration is one thing, hiding executables is another. Hiding
> executables is a security risk, and should not be done just because 
> a single person asked for it in a BZ.

There are already quite a few things that may place executables under . prefixed
paths in home. Java web start (javaws) for instance will install an entire jre
under .java/deployment/cache, wine has for many years installed Windows
executables (that can be executed by the system) under .wine, browser plugins
may be installed to .mozilla/plugins and are just as capable of performing
"evil" actions as an executable (e.g. drop a malicious plugin that hijacks some
common MIME types, do your $evil and then wrap the intended plugin).

There are various other examples - on an older release I find 171 such files
under ~/:

$ find $(l. | egrep -v '\.$|\.\.$') -type f -perm /111 | wc -l
171

Some of these aren't actually binaries/scripts - e.g. .desktop files and others
just appear to have "wrong" mode on creation but it's still clear that this is
nothing new.

I think the security aspects of this change are being overstated in this thread.

If something has already obtained the ability to create executable files under a
user's home directory then "your men are already dead"; The sophistication
needed to exploit it might vary a little but that's not something that gives me
great comfort.

Regards,
Bryn.