$HOME/.local/bin in $PATH

Petr Viktorin pviktori at redhat.com
Wed Oct 30 12:30:31 UTC 2013


On 10/30/2013 01:08 PM, Reindl Harald wrote:
>
>
> On 30.10.2013 13:00, Alec Leamas wrote:
>> On 2013-10-30 12:25, Reindl Harald wrote:
>>> i gave you a starting point to learn about security and the reason
>>> for sftp-chroot doing so is that someone could use race-conditions
>>> to bypass the security
>>>
>>> if you do not understand that allowing any random application running
>>> with your normal user permissions place a binary inside PATH is a bad
>>> idea i really can not help you
>>>
>>> security is *always* a process and layered, there are a lot of things
>>> to consider in different levels and while you can not gain 100%
>>> security you can make it harder to bypass restrictions on several
>>> places and doing things which are clearly against is not smart
>>>
>>> you can decide that security is not that important for you
>>> but a distribution as such should not make such wrong decisions for all users
>> No, it should not. However, the right decision is in many cases a trade-off between security and usability, not
>> always with a single answer. Allowing users to install sw (i. e., allowing random applications to put things in
>> $PATH) has of course security implications. Dis-allowing has usability aspects.  My personal view is that for the
>> distribution the defaults should allow and support user-installed sw.
>
> the distribution should *not* train users doing this in their userhome
>
> that is why /usr/local exists and software besides packages belongs
> there and should be installed as root, 1 out of 1000 users need
> to install software in the userhome,

Do you have any source for that assumption?
For example university students usually simply can't install as root.

> if so they should learn
> about the implications and have a small barrier

No, they should just install the software and be done with it.

> it's not that hard to edit .bash_profile but you need to do it by hand
> which means you have to spend a thought about it which is completely
> different to "i did not know about the door i never opened by myself"

Why should I do that? I expect `pip install --user` to install my 
package without me having to fiddle with .bash_profile.

>> And, isn't  this still a little off-topic?
>
> no it is not because the topic is in the subject
>
>> Current defaults already have ~/bin in $PATH, and user can certainly put
>> things there. Isn't the issue here if having a hidden, writeable directory
>> in $PATH is such a bad idea, given that users actually can install sw?
>
> guess how many users are aware of the hidden directory compared with
> "bin" in the userhome and how often someone may take a look

Also guess how many users don't care.
Do you have data to make anything else than a guess?

> you can now argue that the user does not look in both of them
> and i argue that exactly *this* is the problem
> the defaults are dangerous for the majority of ordinary users

I personally like that ~/bin contains what I put there myself by hand, 
and ~/.local/bin has what was installed via pip.

> but there are users sometimes take a look what is in their userhome
> the chance doing also in hidden subdirectories is by zero

This is wild speculation.
You can just echo $PATH to see what directories are in $PATH.


Also, if you bother securing .bash_profile so that rogue programs can't 
write into it, you can easily check if $PATH is set the way you want it.
If you don't bother, it doesn't matter if malware installs to 
~/.local/bin/rootkit or ~/.rootkit

-- 
Petr³
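
The check mentioned at the end of the message, looking at what is actually in $PATH, can be scripted. The following is an added example, not part of the original message or of any Fedora tooling; the function names `audit_path` and `report_shadowed` are made up here. It lists the $PATH directories the current user can write to, flags empty or relative entries, and reports executables in those directories that take precedence over a same-named file later in $PATH.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are made up for this sketch.
# Run it as your ordinary user: root can write everywhere, so every entry is flagged.

# Print "SHADOWS <file> <later file>" if an executable with the same name as
# $1 exists in a later, absolute entry of the colon-terminated list $2.
report_shadowed() {
    remaining=$2
    while [ -n "$remaining" ]; do
        d=${remaining%%:*}; remaining=${remaining#*:}
        case $d in /*) ;; *) continue ;; esac
        [ "$d" != "${1%/*}" ] || continue          # same directory listed twice
        if [ -f "$d/${1##*/}" ] && [ -x "$d/${1##*/}" ]; then
            printf 'SHADOWS %s %s\n' "$1" "$d/${1##*/}"
            return 0
        fi
    done
    return 0
}

# Walk a PATH-style string in lookup order and print one finding per line:
#   RELATIVE [entry]  empty or non-absolute entry, resolved against the cwd
#   WRITABLE dir      directory the current user has write permission on
#   SHADOWS a b       executable a in a writable dir wins over b later in PATH
audit_path() {
    rest="$1:"    # terminate every entry with ':' so a trailing empty one is kept
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        case $dir in
            /*) ;;
            *) printf 'RELATIVE [%s]\n' "$dir"; continue ;;
        esac
        if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then continue; fi
        printf 'WRITABLE %s\n' "$dir"
        for file in "$dir"/*; do
            if [ -f "$file" ] && [ -x "$file" ]; then
                report_shadowed "$file" "$rest"
            fi
        done
    done
    return 0
}

audit_path "$PATH"
```

A `SHADOWS` line only appears when the writable directory comes before the other one, so the same directory appended to the end of $PATH yields a `WRITABLE` line but no shadowing.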
