>> Can someone explain (or point to) the rationale appending these to PATH >> rather than prepending them? I would have expected user binaries to >> supersede system ones. > > Although there is probably only a small number of security > vulnerabilities of user applications that would allow just creating and > writing new files on a file system, nevertheless there can be some. The > attacker could then create any binary that users usually run and get a > full control of the user's account easily this way. >
appending helps a little, but if a security vulnerability allows a intruder to put binaries on ~/bin, I think it will not be difficult to overwrite .bash_profile (Unless something like SELinux is used to protect startup shell script) -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
