$HOME/.local/bin in $PATH

Chris Adams linux at cmadams.net
Fri Nov 1 20:04:12 UTC 2013


Once upon a time, Miloslav Trma─Ź <mitr at volny.cz> said:
> I don't think this in practice matters _for security_[1]: Even the
> users that know ~/bin exists are extremely unlikely to be regularly
> checking its contents to see whether a malicious file hasn't been
> added.

And again, it isn't just directories in PATH.  How many users regularly
check their shell init scripts (.bash_profile, .bashrc), desktop
environment autostart files (.config/autostart, at least for MATE that
I'm running at the moment), etc.?  I'm pretty security-aware, but I
don't go examine all of that under normal conditions.  Checking the PATH
is a lot easier than checking all the rest of that.

I get that some don't like $HOME/.local/bin; that's fine, agree to
disagree (I don't really care one way or the other about this one).
However, don't try to make it about security; that just isn't really an
issue here, no matter how "obvious" you may feel it to be.
-- 
Chris Adams <linux at cmadams.net>


More information about the devel mailing list