$HOME/.local/bin in $PATH

drago01 drago01 at gmail.com
Fri Nov 1 09:38:45 UTC 2013

On Fri, Nov 1, 2013 at 10:26 AM, Andrew Haley <aph at redhat.com> wrote:
> On 10/30/2013 10:27 AM, Alec Leamas wrote:
>> On 2013-10-30 11:23, Reindl Harald wrote:
>>> Am 30.10.2013 11:20, schrieb Alec Leamas:
>>>> On 2013-10-30 10:58, Reindl Harald wrote:
>>>>> Am 30.10.2013 10:53, schrieb Alec Leamas:
>>>>>> Some kind of reference for the bad in having a well-known, hidden directory in the path?
>>>>> the *writeable for the user* is the problem
>>>> Any reference for this problem?
>>> what about consider the implications?
>>> do you really need a written reference for any security relevant fact?
>>> i can write one for you if you prefer links :-)
>> Well, the question is really if someone else out there share your
>> concerns about this.
> Why does it matter?  A hidden directory in everyone's path is obviously
> useful to an attacker, and (IMO) more useful to an attacker than to a user.

The attacker needs to be able to write to your home directory to take
advantage of it.
And if he can do that (you lost) he has numerous other ways of doing it.

More information about the devel mailing list