On Wed, 2011-07-27 at 00:01 -0400, Braden McDaniel wrote:
> On Tue, 2011-07-26 at 08:45 -0430, Robert Marcano wrote:
> > On 07/26/2011 08:36 AM, Genes MailLists wrote:
> > > On 07/26/2011 08:03 AM, Misha Shnurapet wrote:
> > >> 26.07.2011, 18:34, "Andrew Haley"<aph@xxxxxxxxxx>:
> > >>> On 26/07/11 10:22, Misha Shnurapet wrote:
> > >>>
> > >>>> Since F15 ~/bin has been added to PATH, and commands that are
> > >>>> supposed to run user scripts will work without changing into that
> > >>>> directory. Meanwhile, ~/.local/bin isn't used. I'd like to propose
> > >>>> that it is also added because technically it is ~/bin's brother.
> > >>>
> > >>> I've never heard of ~/.local/bin . Are there many people who use
> > >>> this? ~/bin is common.
> > >>
> > >> ~/.local/bin has been there by default.
> > >>
> > >> Unlike ~/bin, which is in PATH though not even created.
> > >>
> > >
> > > Where in the path do the user 'bin' elements appear in the path?
> >
> > In /etc/skel/.bash_profile they are added to the end and I think that is ok
> >
> > PATH=$PATH:$HOME/.local/bin:$HOME/bin
> >
> > Never knew about ~/.local/bin my .bash_profile is really old from the
> > time where the default was only ~/bin
>
> Can someone explain (or point to) the rationale appending these to PATH
> rather than prepending them? I would have expected user binaries to
> supersede system ones.
Although there is probably only a small number of security
vulnerabilities of user applications that would allow just creating and
writing new files on a file system, nevertheless there can be some. The
attacker could then create any binary that users usually run and get a
full control of the user's account easily this way.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
