On Wed, 27 Jul 2011 17:14:22 -0400 Genes MailLists <lists@xxxxxxxxxxxx> wrote: > On 07/27/2011 05:00 PM, Jesse Keating wrote: > > On 7/27/11 1:09 PM, Reindl Harald wrote: > >> Depends on the PATH-Order > >> > >> if something is intended to be first in PATH and any attacker is > >> able to write there his "ls" would win against "/bin/ls" > > > > So, the attacker can write a compromised ls into .local/bin/, but > > isn't able to modify your .bash_profile ? Seems like a stretch. > > > > Yeh its a bit of a stretch - but it is a little bit easier for a > blackhat to drop a file somewhere than to edit/replace a specific > existing file (which could/should be rx not rwx) ... (think > phishing) .. but still getting it to a damaging place can be more > tricky ... It isn't tricky at all to collect passwords like this. > > gene -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
