On 30.10.2013 02:03, Chris Adams wrote:
> Once upon a time, Reindl Harald <h.rei...@thelounge.net> said:
>> [root@srv-rhsoft:~]$ mkdir test
>> i could rm -rf ~/ here
>>
>> [root@srv-rhsoft:~]$ cat /usr/local/bin/mkdir
>> #!/bin/bash
>> echo "i could rm -rf ~/ here"
>
> If I can write to files you own, it doesn't matter if there's a
> directory in the PATH or not. I can write this to your .bash_profile:
>
> /bin/mkdir $HOME/.bin 2> /dev/null
> echo 'echo "i could rm -rf ~/ here"' > $HOME/.bin/mkdir
> chmod +x $HOME/.bin/mkdir
> PATH=$HOME/.bin:$PATH

you can do this and that - but that's no valid argumentation doing bad
things in default setups and *at least* do not place *hidden* directories
there, there is a good reason why software like rkhunter alerts if you have
hidden directories somewhere in /usr/bin/

there are three types of users

* people who care about security and know that there are enough rough
  edges but smart enough to take this *not as excuse* to create new ones
* the ones which care only a little bit as long it comes not to personal
  comfort decisions and take bad behavior as excuse to create more
  bad behavior
* the ones who don't care about security

when it comes to decisions for a *distribution* only the first group is
relevant, the others are dangerous and i am not sure who is more dangerous -
not care at all or realize that what happens is wrong and support it

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct