On 28 October 2013 14:05, Matthew Miller <mat...@fedoraproject.org> wrote:

> On Mon, Oct 28, 2013 at 11:28:01AM -0400, Paul Wouters wrote:
> > >* Tue Jun 07 2011 Roman Rakus <…> - 4.2.10-3
> > >- Added $HOME/.local/bin to PATH in .bash_profile (#699812)
> > An invisible directory in everyone's PATH. That's rather unfortunate.
>
> Okay, I'll bite. Why is this _particularly_ unfortunate? The directory isn't
> actually "invisible", just hidden. There are plenty of hidden files in home
> directories which are executed all of the time, like ~/.bashrc and
> ~/.bash_profile, and whatever X startup scripts your environment uses.
>
> Now, if you want to argue that nothing user-writable should be in $PATH by
> default, I can maybe see your point, although I also see the convenience
> trade-off, and a) that ship has long sailed and b) no one seems to be
> arguing that.
>
>
>
There are hidden files which are executable but are well known and
documented. However, directories of executables that are not user visible are
the prime places that hackers like to drop stuff off in. Add in something
that is 'non-standard' in that ~/local/bin and ~/bin, then you end up with a
lot of problems from auditors finding a place to checkmark failure to
surprise in just general sysadmins.




>
> --
> Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mat...@fedoraproject.org>
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
>



-- 
Stephen J Smoogen.
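
The audit concern raised above, as an added example that is not part of the original thread: a POSIX shell check that flags PATH entries with a hidden component, entries the current user can write to, and relative entries, and lists the executables found in a given directory. The function names and the sample PATH are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PATH string for hidden, user-writable or relative entries.

# Succeeds if any component of DIR starts with "." (other than "." and "..").
path_has_hidden_component() {
    case "/$1/" in
        */.[!./]*) return 0 ;;
    esac
    return 1
}

# Print one "finding<TAB>directory" line per problem in the colon-separated PATH $1.
audit_path() {
    old_ifs=$IFS
    IFS=:; set -f
    set -- $1            # split on ":" only, with globbing disabled
    set +f; IFS=$old_ifs
    for dir in "$@"; do
        case "$dir" in
            /*) ;;
            *)  printf 'relative\t%s\n' "${dir:-<empty>}"; continue ;;
        esac
        if path_has_hidden_component "$dir"; then
            printf 'hidden\t%s\n' "$dir"
        fi
        if [ -d "$dir" ] && [ -w "$dir" ]; then
            printf 'user-writable\t%s\n' "$dir"
        fi
    done
    return 0
}

# List executable regular files in DIR, dotfiles included.
list_executables() {
    for f in "$1"/* "$1"/.[!.]*; do
        if [ -f "$f" ] && [ -x "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Constructed sample PATH; pass "$PATH" as the first argument to audit a real one.
SAMPLE_PATH='/usr/local/bin:/usr/bin:/home/alice/.local/bin:/home/alice/bin'
audit_path "${1:-$SAMPLE_PATH}"
```

Running `list_executables "$HOME/.local/bin"` on each account gives an inventory that can be compared between audit runs.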