> does NOT improve security at all Reason why it does : all the other paths in PATH by default are root- writeable only. If a personal ~/bin folder is at the front by default, all it takes is for someone to exploit you is to e.g. get you to unpack an archive in your HOME that has
a) the files you wanted and also b) a ./bin folder containing a `cd` program, for example Installing a persistent override of common system commands only requires user-level access with your ~/bin at the front of PATH. Yes, you still only need user-level access to add a line to someone's bash profiles to add ~/bin (or any other folder) to the start of PATH. But it's one more little thing to overcome. It might be the difference between you getting pwned or not. Adding a line to the bash profile elevates the difficulty from just tricking a user into plonking files on the filesystem to editing them. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/684393 Title: $PATH discrepency when ~/bin exists To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/684393/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
