severity 606369 wishlist
retitle 606369 skel/.profile: put $HOME/bin at end of $PATH
quit

Justin B Rye wrote:

> If as an innocent newcomer to GNU/Linux I sort a set of downloaded
> scripts into one directory called "keep" and another called "bin",
> that doesn't necessarily mean I intend the second set to receive a
> privileged position on my $PATH - on the contrary, it may mean I
> think they look suspicious and intend to throw them away.

Sounds like a good reason to remove the special handling of ~/bin from the default skel/.profile altogether. If you are interested in that, please file a new bug (for example by cloning this one).

I do not find it a good reason to keep ~/bin at the end of $PATH. The suspicious user can be tricked into saving a malicious script named "sl" to ~/bin. The next time she transposes the letters of "ls" on the command line, trouble.

Similar is the possibility of programs in ~/bin being run by scripts. The following is not such an unusual pattern:

    for browser in mozilla netscape lynx
    do
        if type "$browser" >/dev/null 2>&1
        then
            "$browser" "$url"
            return
        fi
    done
    echo >&2 "could not find web browser"
    exit 1

A malicious script named 'netscape' in ~/bin could be run by such a non-Debian app with no typos involved. Likewise for many other utilities that may not already be available on the $PATH.

> Malice isn't the only thing we need security against; the reason I
> keep ~/bin at the *end* of my $PATH is for protection against my own
> foolish mistakes.

Makes sense. I think you will find people wanting both variants, so I am happy this is a user-editable file. :)
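An added example, not part of the original message: a POSIX sh check that classifies each executable in a per-user bin directory by how a given PATH would resolve its name, showing that a name found nowhere else resolves to that directory whether it is listed first or last. The function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: how does a PATH resolve the names found in a per-user bin dir?

# first_dir NAME PATHSTRING [SKIP]: print the first PATH directory that holds
# an executable file NAME, ignoring empty entries and the directory SKIP.
first_dir() {
    name=$1 skip=${3-}
    old_ifs=$IFS; IFS=:; set -f
    for dir in $2; do
        case $dir in ''|"$skip") continue ;; esac
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs; set +f
            printf '%s\n' "$dir"; return 0
        fi
    done
    IFS=$old_ifs; set +f
    return 1
}

# audit_bin BINDIR PATHSTRING: print one line per executable in BINDIR:
#   only     - no other PATH directory provides the name, so BINDIR's copy
#              runs wherever BINDIR sits in PATH (the "sl"/"netscape" case)
#   shadows  - BINDIR's copy wins over a copy later in PATH
#   shadowed - a copy earlier in PATH wins
audit_bin() {
    bindir=$1 path=$2
    for f in "$bindir"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        cmd=${f##*/}
        if ! first_dir "$cmd" "$path" "$bindir" >/dev/null; then
            echo "only $cmd"
        elif [ "$(first_dir "$cmd" "$path")" = "$bindir" ]; then
            echo "shadows $cmd"
        else
            echo "shadowed $cmd"
        fi
    done
}

# Constructed demo: a system directory with ls, a ~/bin stand-in with ls and netscape.
demo=$(mktemp -d)
mkdir "$demo/usrbin" "$demo/homebin"
for p in usrbin/ls homebin/ls homebin/netscape; do
    printf '#!/bin/sh\n' > "$demo/$p"; chmod +x "$demo/$p"
done
echo "bin last:";  audit_bin "$demo/homebin" "$demo/usrbin:$demo/homebin"
echo "bin first:"; audit_bin "$demo/homebin" "$demo/homebin:$demo/usrbin"
rm -rf "$demo"
```

Against a real account, `audit_bin "$HOME/bin" "$PATH"` lists the names that only ~/bin provides; those are the ones a fallback loop or a typo would reach in either ordering.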