On Mon, Jul 13, 2009 at 02:15:12PM +0200, Fabian Deutsch wrote: > Adding something like this raises security concerns, as this opens doors > for malicious software. > E.g. some application could but a binary named "bash" in ~/bin, which > would be run before /bin/bash. The same application could overwrite .bash_profile too. Or it would be very contrived to imagine a security hole that lets you create ~/bin and place an arbitrary binary into ~/bin/bash, but doesn't let you overwrite .bash_profile. So I don't think this is a security concern at all in the real world. Rich. -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://et.redhat.com/~rjones/libguestfs/ See what it can do: http://et.redhat.com/~rjones/libguestfs/recipes.html -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
