$HOME/.local/bin in $PATH

drago01 drago01 at gmail.com
Fri Nov 1 10:43:40 UTC 2013


On Fri, Nov 1, 2013 at 10:48 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
> Am 01.11.2013 10:38, schrieb drago01:
>> On Fri, Nov 1, 2013 at 10:26 AM, Andrew Haley <aph at redhat.com> wrote:
>>> On 10/30/2013 10:27 AM, Alec Leamas wrote:
>>>> On 2013-10-30 11:23, Reindl Harald wrote:
>>>>> Am 30.10.2013 11:20, schrieb Alec Leamas:
>>>>>> On 2013-10-30 10:58, Reindl Harald wrote:
>>>>>>> Am 30.10.2013 10:53, schrieb Alec Leamas:
>>>>>>>> Some kind of reference for the bad in having a well-known, hidden directory in the path?
>>>>>>> the *writeable for the user* is the problem
>>>>>> Any reference for this problem?
>>>>> what about consider the implications?
>>>>> do you really need a written reference for any security relevant fact?
>>>>> i can write one for you if you prefer links :-)
>>>>>
>>>> Well, the question is really if someone else out there share your
>>>> concerns about this.
>>>
>>> Why does it matter?  A hidden directory in everyone's path is obviously
>>> useful to an attacker, and (IMO) more useful to an attacker than to a user.
>>
>> The attacker needs to be able to write to your home directory to take
>> advantage of it.
>> And if he can do that (you lost) he has numerous other ways of doing it
>
> so the people decided not put the current directory in the
> PATH on Unix *for security reasons* decades ago must be
> fools and if you would have been born as this happened you
> would have told them "forget it, in that case you are lost"

No because they have done it for a completely different reasons.
None of them was to protect from the attacker that can write to your
home directory.


More information about the devel mailing list