$HOME/.local/bin in $PATH

Thomas Moschny thomas.moschny at gmail.com
Fri Nov 1 10:08:01 UTC 2013

2013/11/1 Reindl Harald <h.reindl at thelounge.net>:
>> The attacker needs to be able to write to your home directory to take
>> advantage of it.
>> And if he can do that (you lost) he has numerous other ways of doing it
> so the people decided not put the current directory in the
> PATH on Unix *for security reasons* decades ago must be
> fools

Not having cwd in the path is a protection against malicious (or at
least joking) users on the same system: Otherwise they could easily
fool you to execute e.g. a file named 'ls' in their home doing
something evil.

- Thomas

More information about the devel mailing list