Putting ~/bin at the end of the path increases security. That is enough
to end the argument.

If the user wants to override system tools, then they can just as easily
rearrange their path to have ~/bin at the beginning. In fact, that's
congruence: a user savvy enough to install their own tools to ~/bin
_and_ want them to override system tools is likely savvy enough to edit
their path. A user who isn't savvy isn't going to be able to figure out
why "cd <anywhere>" always takes them to /you-got-punked.

Default to more security, not less.

The amount of security gained is irrelevant as there is no cost to doing
it right.

The fallacy of "I can't imagine a scenario where ~/bin at the start of
the path is a bigger security issue than if it's at the end of the path"
is the same fallacy as "I can't break this encryption algorithm I wrote,
therefore it's unbreakable."


Ubuntu 14.04 is also broken in that, after ~/bin is created, the user
has to a) re-source .profile, or b) log out and log in. Ubuntu 16.04 has
at least fixed that, despite having the same security issue.

-- 
https://bugs.launchpad.net/bugs/684393

Title:
  $PATH discrepancy when ~/bin exists

Status in bash package in Ubuntu:
  Incomplete
Status in bash package in Debian:
  New

Bug description:
  Binary package hint: bash

  Hi,

  From the thread here: http://ubuntuforums.org/showthread.php?t=1634980

  If you have a bin folder in yer home directory, it adds it to the
  path.

  It currently adds ~/bin to the start of $PATH, which has been brought
  up as a bit of a security issue. It should add that path to the end of
  the $PATH variable, not the beginning.

  See the thread for a fix.

  Thanks.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: bash 4.1-2ubuntu3
  ProcVersionSignature: Ubuntu 2.6.32-26.48-generic 2.6.32.24+drm33.11
  Uname: Linux 2.6.32-26-generic i686
  Architecture: i386
  Date: Thu Dec  2 11:29:24 2010
  InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release i386 (20100816.1)
  ProcEnviron:
   LANGUAGE=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: bash
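
An added example, not part of the bug report or of the Ubuntu package: a POSIX shell check that lists which executables in a directory would be run in place of same-named commands found later in a PATH string, comparing ~/bin placed first against ~/bin placed last. The function names and the fixture directories are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and fixture layout are constructed.

# shadowed_commands PATHSTRING DIR
# Print each executable in DIR that would be run instead of a same-named
# executable in a PATHSTRING entry listed after DIR.
shadowed_commands() {
    sc_path=$1; sc_dir=$2
    for sc_file in "$sc_dir"/*; do
        [ -f "$sc_file" ] && [ -x "$sc_file" ] || continue
        sc_name=${sc_file##*/}
        sc_after=0
        sc_old_ifs=$IFS; IFS=:
        set -f                      # split on ':' without globbing
        for sc_entry in $sc_path; do
            if [ "$sc_entry" = "$sc_dir" ]; then
                sc_after=1          # entries from here on lose to DIR
            elif [ "$sc_after" -eq 1 ] && [ -x "$sc_entry/$sc_name" ]; then
                printf '%s\n' "$sc_name"
                break
            fi
        done
        set +f; IFS=$sc_old_ifs
    done
}

# make_fixture: build a throwaway tree with a "system" ls, a user ls that
# collides with it, and a user-only tool. Prints the tree's root.
make_fixture() {
    mf_root=$(mktemp -d) || return 1
    mkdir -p "$mf_root/system/bin" "$mf_root/home/bin"
    for mf_f in system/bin/ls home/bin/ls home/bin/mytool; do
        printf '#!/bin/sh\n' > "$mf_root/$mf_f"
        chmod +x "$mf_root/$mf_f"
    done
    printf '%s\n' "$mf_root"
}

root=$(make_fixture)
sys=$root/system/bin; user=$root/home/bin
# Prepended, as the report describes: the user's ls wins over the system ls.
echo "~/bin first shadows: [$(shadowed_commands "$user:$sys" "$user")]"
# Appended, as the report asks: nothing is shadowed, mytool still resolves.
echo "~/bin last shadows:  [$(shadowed_commands "$sys:$user" "$user")]"
rm -rf "$root"
```

Running `shadowed_commands "$PATH" "$HOME/bin"` against a real login environment gives the same audit for an actual account.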
