On 27.07.2011 21:59, Marc-André Lureau wrote:
> I don't understand the security risks. If something is allowed to
> write to ~/.local/bin (or ~/bin etc..), then surely it's able to read
> elsewhere or do something else nasty. Could someone detail it?

Depends on the PATH order: if something is intended to be first in PATH and any attacker is able to write there, his "ls" would win against "/bin/ls".

Independent of this: if you have a package NOT INSTALLED, the binary does not exist and the bin dir in the user folder will win. If you read any article and find a useful command which you have not installed, and somebody has placed a vulnerable binary in your user home, it will be executed instead of "command not found", and possibly very long after it was placed.

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
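
The two cases described in the reply (a same-named file earlier in PATH winning, and a command that exists only in the per-user directory) can be audited with a short POSIX shell script. This is an added example, not part of the original thread; the function names and the sample directory layout are assumptions constructed for it.

```sh
#!/bin/sh
# Added example, not from the original thread; all names here are hypothetical.

# resolve_in_path NAME PATHSTR: print the file a shell would run for NAME.
resolve_in_path() {
    r_name=$1
    r_ifs=$IFS; IFS=:; set -f; set -- $2; set +f; IFS=$r_ifs
    for r_dir in "$@"; do
        r_file=${r_dir:-.}/$r_name          # an empty PATH entry means "."
        if [ -f "$r_file" ] && [ -x "$r_file" ]; then
            printf '%s\n' "$r_file"; return 0
        fi
    done
    return 1                                # the "command not found" case
}

# path_shadows PATHSTR: print "name<TAB>winner<TAB>shadowed" for every
# executable hidden by a same-named file in an earlier PATH directory.
path_shadows() {
    s_path=$1
    s_ifs=$IFS; IFS=:; set -f; set -- $1; set +f; IFS=$s_ifs
    for s_dir in "$@"; do
        for s_file in "${s_dir:-.}"/*; do
            [ -f "$s_file" ] && [ -x "$s_file" ] || continue
            s_win=$(resolve_in_path "${s_file##*/}" "$s_path") || continue
            [ "$s_win" = "$s_file" ] ||
                printf '%s\t%s\t%s\n' "${s_file##*/}" "$s_win" "$s_file"
        done
    done
    return 0
}

# Constructed sample layout: a per-user bin directory and a system one.
make_sample_tree() {
    mkdir -p "$1/home/.local/bin" "$1/usr/bin"
    for m_f in home/.local/bin/ls home/.local/bin/newtool usr/bin/ls; do
        printf '#!/bin/sh\n' > "$1/$m_f" && chmod +x "$1/$m_f"
    done
}

demo() {
    d_tmp=$(mktemp -d) || return 1
    make_sample_tree "$d_tmp"
    d_user=$d_tmp/home/.local/bin; d_sys=$d_tmp/usr/bin
    path_shadows "$d_user:$d_sys"             # user dir first: its "ls" wins
    resolve_in_path newtool "$d_sys:$d_user"  # only the user copy exists
    rm -rf "$d_tmp"
}
demo
```

Running `path_shadows "$PATH"` on a real account lists every command whose resolution depends on directory order, which is the set worth reviewing when a user-writable directory is placed ahead of the system ones.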