Tomasz Kłoczko wrote: > Just FTR. > If Fedora maintainers will decide to put ~/.local/bin over /usr/bin on > the $PATH it will be possible to control over ~/.local/bin/id (and/or > many more similar commands) what happens on begin of the user login > session. None of the packages updates (except that one which will > remove ~/.local/bin/ from the $PATH) would be able to stop damage ones > done. > > Would you consider now classify such change as serious vulnerability > introduction?
If you state a falsehood again and again it will eventually become true? Björn Persson
pgpRkTK3_EirR.pgp
Description: OpenPGP digital signatur
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/T5KBVFSRR46O6W5SEI3GU4GGOOINBDQR/