On Fri, Nov 02, 2007 at 11:34:01AM -0500, John Hasler wrote:
> I wrote:
> > See my other reponse to this thread. ~/bin at the front of $PATH is a
> > security risk.
>
> Miles writes:
> > It an attacker is able to install stuff in ~/bin, they can (and almost
> > certainly would) also modify your .
I wrote:
> See my other reponse to this thread. ~/bin at the front of $PATH is a
> security risk.
Miles writes:
> It an attacker is able to install stuff in ~/bin, they can (and almost
> certainly would) also modify your .profile (etc) to change PATH
> themselves.
There are a number of such expo
John Hasler <[EMAIL PROTECTED]> writes:
> See my other reponse to this thread. ~/bin at the front of $PATH is a
> security risk.
No it's not.
It an attacker is able to install stuff in ~/bin, they can (and almost
certainly would) also modify your .profile (etc) to change PATH
themselves.
-Miles
On Nov 1, 2007, at 3:16 PM, Douglas A. Tutty wrote:
On Thu, Nov 01, 2007 at 10:28:55AM -0500, John Hasler wrote:
Doug writes:
It would only be a security issue if the permissions on your home
directory and/or the execs themselves allowed others to execute
them.
A buggy application (buffer
On Thu, Nov 01, 2007 at 10:28:55AM -0500, John Hasler wrote:
> Doug writes:
> > It would only be a security issue if the permissions on your home
> > directory and/or the execs themselves allowed others to execute them.
>
> A buggy application (buffer overflow in Firefox...) or an evil bit of
> Ja
I am not sure I get the point of those of you who are
against having PATH=~/bin:$PATH. The PATH is just a
way to make life easier. If an executable can be run,
then it doesn't have to be in your PATH to be run.
As someone said before, you usually have in ~/bin
programs which are not available syst
John Hasler wrote:
> A writes:
> > If they've installed a binary there that has the same name as a
> > system-wide binary, its a good bet that they intend to run the local one,
> > otheriwse, why put it there? Hence it makes sense to put ~/bin on the
> > front of $PATH.
>
> See my other reponse to
Ron Johnson wrote:
> If $(HOME)/bin were first in your $PATH, then a malicious user or
> app that has write access to your account, then they could put
> sabotaged versions of common apps into $(HOME)/bin and do all sorts
> of nasty things to you.
If a malicious user has write access to your home
A writes:
> If they've installed a binary there that has the same name as a
> system-wide binary, its a good bet that they intend to run the local one,
> otheriwse, why put it there? Hence it makes sense to put ~/bin on the
> front of $PATH.
See my other reponse to this thread. ~/bin at the front
On Thu, Nov 01, 2007 at 03:15:47PM +0100, Florian Kulzer wrote:
> On Thu, Nov 01, 2007 at 06:31:22 -0700, David Fox wrote:
> > On Nov 1, 2007 5:49 AM, Florian Kulzer wrote:
> > >
> > > ~/.bash_profile does this by default nowadays:
> > >
> > > # set PATH so it includes user's private bin if it exis
Doug writes:
> It would only be a security issue if the permissions on your home
> directory and/or the execs themselves allowed others to execute them.
A buggy application (buffer overflow in Firefox...) or an evil bit of
JavaScript could be used by a "virus" to install a trojan in $HOME/bin.
--
On Thu, Nov 01, 2007 at 06:31:22 -0700, David Fox wrote:
> On Nov 1, 2007 5:49 AM, Florian Kulzer wrote:
> >
> > ~/.bash_profile does this by default nowadays:
> >
> > # set PATH so it includes user's private bin if it exists
> > if [ -d ~/bin ] ; then
> > PATH=~/bin:"${PATH}"
> > fi
> >
>
> T
On Wed, Oct 31, 2007 at 07:54:32PM -0800, Ken Irving <[EMAIL PROTECTED]> was
heard to say:
> My impression is that there's no particular reasons that it can't be done,
> but it just hasn't been done. There are probably wish list requests to
> this effect filed away somewhere on this, or so I diml
On Thu, Nov 01, 2007 at 06:54:54AM -0500, Ron Johnson wrote:
> If $(HOME)/bin were first in your $PATH, then a malicious user or
> app that has write access to your account, then they could put
> sabotaged versions of common apps into $(HOME)/bin and do all sorts
> of nasty things to you.
>
> Bu
On Nov 1, 2007 5:49 AM, Florian Kulzer <[EMAIL PROTECTED]> wrote:
>
> ~/.bash_profile does this by default nowadays:
>
> # set PATH so it includes user's private bin if it exists
> if [ -d ~/bin ] ; then
> PATH=~/bin:"${PATH}"
> fi
>
That's not as secure as putting the ~/bin part at the end.
On Thu, Nov 01, 2007 at 06:54:54 -0500, Ron Johnson wrote:
[...]
> If $(HOME)/bin were first in your $PATH, then a malicious user or
> app that has write access to your account, then they could put
> sabotaged versions of common apps into $(HOME)/bin and do all sorts
> of nasty things to you.
>
On 10/31/07 22:54, Ken Irving wrote:
> On Wed, Oct 31, 2007 at 08:31:45PM -0700, Andrew Sackville-West wrote:
>> On Wed, Oct 31, 2007 at 06:52:36PM -0800, Ken Irving wrote:
>>> On Wed, Oct 31, 2007 at 10:18:45PM -0400, Douglas A. Tutty wrote:
If all you want to do is put the mutt stuff in /usr
On Wed, Oct 31, 2007 at 08:31:45PM -0700, Andrew Sackville-West wrote:
> On Wed, Oct 31, 2007 at 06:52:36PM -0800, Ken Irving wrote:
> > On Wed, Oct 31, 2007 at 10:18:45PM -0400, Douglas A. Tutty wrote:
> > > If all you want to do is put the mutt stuff in /usr/local, why not just
> > > unpack the d
On Wed, Oct 31, 2007 at 06:52:36PM -0800, Ken Irving wrote:
> On Wed, Oct 31, 2007 at 10:18:45PM -0400, Douglas A. Tutty wrote:
> > On Thu, Nov 01, 2007 at 01:05:10PM +1100, hce wrote:
> > > On 10/31/07, Chris Bannister <[EMAIL PROTECTED]> wrote:
> > >
> > > > How are you installing mutt? Are you
hce writes:
> I am installing mutt and got an error of "GLIBC_2.4 is missing", I
> searched the Debian package, but could not found it. Which of Debian
> package contains the GLIBC_2.4?
The dependencies for mutt are libc6 (>= 2.6-1), libgdbm3, libgnutls13 (>=
1.6.
On Wed, Oct 31, 2007 at 10:18:45PM -0400, Douglas A. Tutty wrote:
> On Thu, Nov 01, 2007 at 01:05:10PM +1100, hce wrote:
> > On 10/31/07, Chris Bannister <[EMAIL PROTECTED]> wrote:
> >
> > > How are you installing mutt? Are you compiling mutt from source or
> > > trying to install the Debian binar
On Thu, Nov 01, 2007 at 01:05:10PM +1100, hce wrote:
> On 10/31/07, Chris Bannister <[EMAIL PROTECTED]> wrote:
>
> > How are you installing mutt? Are you compiling mutt from source or
> > trying to install the Debian binary package?
> I am compiling mutt from the source, so I can install it in my
On 10/31/07, Chris Bannister <[EMAIL PROTECTED]> wrote:
> On Mon, Oct 29, 2007 at 01:02:31PM +1100, hce wrote:
> > Hi,
> >
> > I am installing mutt and got an error of "GLIBC_2.4 is missing", I
> > searched the Debian package, but could not found i
My appology. I simply did reply all, not knowing it was a message only
sent to me.
On 10/30/07, hyjial <[EMAIL PROTECTED]> wrote:
> A pleasure to help you, although I am quite clueless
> about GLIBC_2.4 ; I am going to dig a bit.
> Nevertheless, notice that you have sent your lates
On Mon, Oct 29, 2007 at 01:02:31PM +1100, hce wrote:
> Hi,
>
> I am installing mutt and got an error of "GLIBC_2.4 is missing", I
> searched the Debian package, but could not found it. Which of Debian
> package contains the GLIBC_2.4?
>
> Also, which htt
> I am installing mutt and got an error of "GLIBC_2.4 is missing", I
> > > searched the Debian package, but could not found it. Which of Debian
> > > package contains the GLIBC_2.4?
> > >
> > > Also, which http source should I add it to the source.list? I
from source.
To have your database up to date, type : apt-get
update.
This might not be the solution to your GLIBC_2.4
problem, but doubtlessly the one for your postfix-dev
one.
Just try and tell us.
H.
P.S. : your sources.list was small enough to be
directly included in the E-mail. No real nee
Hi Doug,
Thanks for your response, please find attached my sources.list
Thank you.
Jim
On 10/29/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> On Mon, Oct 29, 2007 at 01:02:31PM +1100, hce wrote:
> >
> > I am installing mutt and got an error of "GLIBC_2.4 is mi
On Mon, Oct 29, 2007 at 01:02:31PM +1100, hce wrote:
>
> I am installing mutt and got an error of "GLIBC_2.4 is missing", I
> searched the Debian package, but could not found it. Which of Debian
> package contains the GLIBC_2.4?
>
> Also, which http source should I
Hi,
I am installing mutt and got an error of "GLIBC_2.4 is missing", I
searched the Debian package, but could not found it. Which of Debian
package contains the GLIBC_2.4?
Also, which http source should I add it to the source.list? I tried to
download postfix-dev by apt-get install p
> apt-cache search couldn't find it I downloaded a copy from the
> > internet. With mjpegtools installed export still failed with a message
> > "mjpeg2enc: /lib/libc.so.6 version GLIBC_2.4 required."
>
> Here again, glibc2.4 drop non-pthread stuffs and many arch
; internet. With mjpegtools installed export still failed with a message
> "mjpeg2enc: /lib/libc.so.6 version GLIBC_2.4 required."
Here again, glibc2.4 drop non-pthread stuffs and many architectures
still depend on that.
Seen here: http://www.grep.be/blog/en/computer/debian/glibc_2.3
&g
2enc: /lib/libc.so.6 version GLIBC_2.4 required."
On my old slow box kino export worked without this problem. The old box
was Etch upgraded from Sarge with a home-rolled 2.6.18 kernel. The new
box is a netinst of Etch with a stock 2.6.18-4-amd64 kernel.
Is the problem with the version
33 matches
Mail list logo