On 07/27/2011 05:00 PM, Jesse Keating wrote: > On 7/27/11 1:09 PM, Reindl Harald wrote: >> Depends on the PATH-Order >> >> if something is intended to be first in PATH and any attacker is able >> to write there his "ls" would win against "/bin/ls" > > So, the attacker can write a compromised ls into .local/bin/, but isn't > able to modify your .bash_profile ? Seems like a stretch. > Yeh its a bit of a stretch - but it is a little bit easier for a blackhat to drop a file somewhere than to edit/replace a specific existing file (which could/should be rx not rwx) ... (think phishing) .. but still getting it to a damaging place can be more tricky ... gene -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
