On Wed, Jul 27, 2011 at 02:00:28PM -0700, Jesse Keating wrote: > On 7/27/11 1:09 PM, Reindl Harald wrote: > > Depends on the PATH-Order > > > > if something is intended to be first in PATH and any attacker is able > > to write there his "ls" would win against "/bin/ls" > > So, the attacker can write a compromised ls into .local/bin/, but isn't > able to modify your .bash_profile ? Seems like a stretch. Such vulnerabilities/exploits existed in the past, e.g. I remember one that allowed to create new world readable files at an arbitrary location. It was not possible to change existing files with that exploit. Regards Till -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel