$HOME/.local/bin in $PATH
Reindl Harald
h.reindl at thelounge.net
Wed Oct 30 00:19:27 UTC 2013
Am 30.10.2013 01:11, schrieb drago01:
> On Tue, Oct 29, 2013 at 2:06 PM, Chris Adams <linux at cmadams.net> wrote:
>> Once upon a time, Reindl Harald <h.reindl at thelounge.net> said:
>>> a *hidden* *user writeable* directory *in front* of PATH is
>>> plain stupid security wise and there is not but and not if
>>
>> Not really. Anything that can write to that directory can also write to
>> shell init scripts, desktop environment autostart settings, etc., all of
>> which are also dot-files/dot-directories.
>
> Yeah if someone can write to your home directory you are pretty much doomed
yes, but don't you think there is a difference between place
specific code somewhere or give the possibility to override
standard commands?
that's against the main reason why . is *not* in $PATH while
on a windows console every random binary in the currecnt
directory overrides commands
[root at srv-rhsoft:~]$ mkdir test
i could rm -rf ~/ here
[root at srv-rhsoft:~]$ cat /usr/local/bin/mkdir
#!/bin/bash
echo "i could rm -rf ~/ here"
__________________________________________________________________
and so that *must not* be easy possible in a *default setup*
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20131030/667301d9/attachment.sig>
More information about the devel
mailing list