On Tue, Jun 12, 2018 at 10:20:46AM -0700, Howard Howell wrote:
> I haven't followed all of this thread, too self busy.  However there is
> a security argument.  If you have a local executable directory, then
> the capability for malicious software to attach is wide open for that
> user, whatever their privelege level might be.
> Most businesses that have linux in their suite, won't want a ~/.bin
> anywhere in their organization.

If a malicious attacker have privileges to create/modify $HOME/.bin/foo,
then they will also have privileges to modify $HOME/.bashrc to add any
directory they wish to $PATH. So that security argument doesn't hold water.

|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 

Reply via email to