> does NOT improve security at all
Reason why it does : all the other paths in PATH by default are root-
writeable only. If a personal ~/bin folder is at the front by default,
all it takes is for someone to exploit you is to e.g. get you to unpack
an archive in your HOME that has
a) the files
Putting ~/bin at the end of the path increases security. That is enough
to end the argument.
If the user wants to override system tools, then they can just as easily
rearrange their path to have ~/bin at the beginning. In fact, that's
congruence: a user savvy enough to install their own tools to
I strongly oppose the bug request, by the same reasons pointed out by
Rhonda:
- It does NOT improve security at all, a malicious user could revert the
changes or do worse.
- It would prevent intentional overriding of tools.
By the same reason /usr/local/bin comes before /usr/bin, ~/bin should
** Changed in: bash (Debian)
Status: Unknown = New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/684393
Title:
$PATH discrepency when ~/bin exists
--
ubuntu-bugs mailing list
Thank you for your bug report. This bug has been reported to Debian
Maintainers. You can track it and make comments at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606369
** Bug watch added: Debian Bug tracker #606369
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606369
** Also
** Changed in: bash (Ubuntu)
Status: Triaged = Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/684393
Title:
$PATH discrepency when ~/bin exists
--
ubuntu-bugs mailing list
Hi!
Actually I fail to see the security impact of this. If a user creates
the bin directory themself and put stuff in there themself then it's on
their own intention, not? I really fail to see the security part of the
issue. Actually it makes sense to have ~/bin first in PATH to be able to
If someone was able to access the box, create ~/bin and then drop a
malicious script in there, then what would stop them from editing files
that the user owns? Nothing.
It seems it's something specific to Debian, as a CentOS 5.5 box I have
doesn't have anything like that in .bashrc.
I can
Actually, scratch it, on CentOS 5.5, it's in ~/.bash_profile
However, it adds the personal path to the end of the list:
PATH=$PATH:$HOME/bin
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/684393
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/684393
Title:
$PATH discrepency when ~/bin exists
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/684393
Title:
$PATH discrepency when ~/bin exists
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
patch attached
** Patch added: bash_4.1-2ubuntu5.debdiff
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/684393/+attachment/1753396/+files/bash_4.1-2ubuntu5.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
12 matches
Mail list logo
