$HOME/.local/bin in $PATH

Andrew Haley aph at redhat.com
Fri Nov 1 09:26:52 UTC 2013

On 10/30/2013 10:27 AM, Alec Leamas wrote:
> On 2013-10-30 11:23, Reindl Harald wrote:
>> Am 30.10.2013 11:20, schrieb Alec Leamas:
>>> On 2013-10-30 10:58, Reindl Harald wrote:
>>>> Am 30.10.2013 10:53, schrieb Alec Leamas:
>>>>> Some kind of reference for the bad in having a well-known, hidden directory in the path?
>>>> the *writeable for the user* is the problem
>>> Any reference for this problem?
>> what about consider the implications?
>> do you really need a written reference for any security relevant fact?
>> i can write one for you if you prefer links :-)
> Well, the question is really if someone else out there share your 
> concerns about this.

Why does it matter?  A hidden directory in everyone's path is obviously
useful to an attacker, and (IMO) more useful to an attacker than to a user.
You shouldn't need any references.


More information about the devel mailing list