On 2013-10-30 11:23, Reindl Harald wrote:
Am 30.10.2013 11:20, schrieb Alec Leamas:
On 2013-10-30 10:58, Reindl Harald wrote:
Am 30.10.2013 10:53, schrieb Alec Leamas:
On 2013-10-30 10:23, Reindl Harald wrote:
Am 30.10.2013 02:03, schrieb Chris Adams:
Once upon a time, Reindl Harald <h.rei...@thelounge.net> said:
[root@srv-rhsoft:~]$ mkdir test
i could rm -rf ~/ here
[root@srv-rhsoft:~]$ cat /usr/local/bin/mkdir
#!/bin/bash
echo "i could rm -rf ~/ here"
If I can write to files you own, it doesn't matter if there's a
directory in the PATH or not. I can write this to your .bash_profile:
/bin/mkdir $HOME/.bin 2> /dev/null
echo 'echo "i could rm -rf ~/ here"' > $HOME/.bin/mkdir
chmod +x $HOME/.bin/mkdir
PATH=$HOME/.bin:$PATH
you can do this and that - but that's no valid argumentation
doing bad things in default setups and *at least* do not
place *hidden* diretories there, ther is a good reason why
software like rkhunter alerts if you have hidden directories
somewhere in /usr/bin/
Some kind of reference for the bad in having a well-known, hidden directory in
the path?
the *writeable for the user* is the problem
Any reference for this problem?
what about consider the implications?
do you really need a written reference for any security relevant fact?
i can write one for you if you prefer links :-)
Well, the question is really if someone else out there share your
concerns about this.
--alec
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
