$HOME/.local/bin in $PATH

Chris Adams linux at cmadams.net
Wed Oct 30 01:03:40 UTC 2013


Once upon a time, Reindl Harald <h.reindl at thelounge.net> said:
> [root at srv-rhsoft:~]$ mkdir test
> i could rm -rf ~/ here
> 
> [root at srv-rhsoft:~]$ cat /usr/local/bin/mkdir
> #!/bin/bash
> echo "i could rm -rf ~/ here"

If I can write to files you own, it doesn't matter if there's a
directory in the PATH or not.  I can write this to your .bash_profile:

   /bin/mkdir $HOME/.bin 2> /dev/null
   echo 'echo "i could rm -rf ~/ here"' > $HOME/.bin/mkdir
   chmod +x $HOME/.bin/mkdir
   PATH=$HOME/.bin:$PATH

Sure, it might not take effect immediately, but that's probably not the
point (I can't depend on you running "mkdir" in a shell at any
particular point in time anyway).  You wouldn't gain anything
security-wise by excluding a user-writable directory in PATH.

In fact, having a "known" ~/.local/bin could allow for a more
restrictive SELinux policy on that directory that doesn't let arbitrary
programs running as the user write there (don't know if that is the case
though).

-- 
Chris Adams <linux at cmadams.net>
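The thread above argues that a user-writable PATH entry adds no exposure beyond what writable init files already give. The following script is an added example, not from the mailing list thread or from either poster, showing the two checks a defender would actually run on an account: which executables in a writable PATH entry shadow a same-named command further down PATH, and which shell init files are group- or world-writable so that some other account could prepend such a directory. The layout it inspects (a `bin` entry ahead of a `sysbin` entry, plus a fake home with `.profile` and `.bash_profile`) is constructed in a temporary directory so the script runs offline; it assumes POSIX sh and coreutils only.

```shell
#!/bin/sh
# Added example (not from the original thread): defender-side checks for
# a user-writable PATH entry shadowing a system command, and for shell init
# files someone else could edit to prepend such an entry to PATH.
# Assumes POSIX sh plus coreutils (tr, tail, find, chmod, mktemp).

# Print "DIR/NAME shadows LATERDIR/NAME" for every executable living in a
# writable PATH entry that hides a same-named executable further down PATH.
shadowed_commands() {
    path=$1
    pos=0
    printf '%s\n' "$path" | tr ':' '\n' | while IFS= read -r dir; do
        pos=$((pos + 1))
        [ -d "$dir" ] && [ -w "$dir" ] || continue
        for exe in "$dir"/*; do
            [ -f "$exe" ] && [ -x "$exe" ] || continue
            name=${exe##*/}
            # Only entries after this position can be hidden by it.
            printf '%s\n' "$path" | tr ':' '\n' | tail -n +$((pos + 1)) |
            while IFS= read -r later; do
                if [ -f "$later/$name" ] && [ -x "$later/$name" ]; then
                    printf '%s shadows %s\n' "$exe" "$later/$name"
                fi
            done
        done
    done
}

# Print shell init files under HOME_DIR whose mode grants group or other
# write access, i.e. files another account could use to change PATH.
loose_init_files() {
    home=$1
    for f in .bash_profile .bashrc .profile .bash_login; do
        [ -f "$home/$f" ] || continue
        find "$home/$f" -prune \( -perm -g+w -o -perm -o+w \) -print 2>/dev/null
    done
}

# Constructed layout so the checks can run offline (not a real system):
#   $DEMO/bin/mkdir     writable entry first in PATH, the impostor
#   $DEMO/sysbin/mkdir  the one that should have run; also sysbin/ls
#   $DEMO/home/.profile world-writable, .bash_profile owner-only
build_demo() {
    DEMO=$(mktemp -d)
    mkdir -p "$DEMO/bin" "$DEMO/sysbin" "$DEMO/home"
    for d in bin sysbin; do
        printf '#!/bin/sh\necho %s/mkdir\n' "$d" > "$DEMO/$d/mkdir"
        chmod 755 "$DEMO/$d/mkdir"
    done
    printf '#!/bin/sh\necho ls\n' > "$DEMO/sysbin/ls"
    chmod 755 "$DEMO/sysbin/ls"
    : > "$DEMO/home/.bash_profile"; chmod 600 "$DEMO/home/.bash_profile"
    : > "$DEMO/home/.profile";      chmod 666 "$DEMO/home/.profile"
    DEMO_PATH="$DEMO/bin:$DEMO/sysbin"
}

build_demo
echo "== commands shadowed from writable PATH entries =="
shadowed_commands "$DEMO_PATH"
echo "== init files writable by group or others =="
loose_init_files "$DEMO/home"
```

On a real account, call `shadowed_commands "$PATH"` and `loose_init_files "$HOME"` instead of the constructed layout. Note that the shadowing check reports based on directory writability for the current user, so running it as root flags every directory; the init-file check looks at mode bits and is unaffected by who runs it.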