$HOME/.local/bin in $PATH
Chris Adams
linux at cmadams.net
Fri Nov 1 20:04:12 UTC 2013
Once upon a time, Miloslav Trmač <mitr at volny.cz> said:
> I don't think this in practice matters _for security_[1]: Even the
> users that know ~/bin exists are extremely unlikely to be regularly
> checking its contents to see whether a malicious file hasn't been
> added.
And again, it isn't just directories in PATH. How many users regularly
check their shell init scripts (.bash_profile, .bashrc), desktop
environment autostart files (.config/autostart, at least for MATE that
I'm running at the moment), etc.? I'm pretty security-aware, but I
don't go examine all of that under normal conditions. Checking the PATH
is a lot easier than checking all the rest of that.
I get that some don't like $HOME/.local/bin; that's fine, agree to
disagree (I don't really care one way or the other about this one).
However, don't try to make it about security; that just isn't really an
issue here, no matter how "obvious" you may feel it to be.
--
Chris Adams <linux at cmadams.net>
More information about the devel
mailing list