On 28 October 2013 14:05, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:
On Mon, Oct 28, 2013 at 11:28:01AM -0400, Paul Wouters wrote:
> >* Tue Jun 07 2011 Roman Rakus <…> - 4.2.10-3
> >- Added $HOME/.local/bin to PATH in .bash_profile (#699812)
> An invisible directory in everyone's PATH. That's rather unfortunate.
Okay, I'll bite. Why is this _particularly_ unfortunate? The directory isn't
actually "invisible", just hidden. There are plenty of hidden files in home
directories which are executed all of the time, like ~/.bashrc and
~/.bash_profile, and whatever X startup scripts your environment uses.
Now, if you want to argue that nothing user-writable should be in $PATH by
default, I can maybe see your point, although I also see the convenience
trade-off, and a) that ship has long sailed and b) no one seems to be
arguing that.
There are hidden files which are executable but are well known and documented. However, directories of executables that are not user-visible are the prime places that hackers like to drop stuff off in. Add in something that is 'non-standard' in that ~/local/bin and ~/bin, then you end up with a lot of problems, from auditors finding a place to checkmark failure to surprise in just general sysadmins.
--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx>
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Stephen J Smoogen.
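A defender-side check for the concern discussed in this thread, as an added example that is not part of any poster's message: it inventories PATH entries under a home directory, marks the hidden ones, and reports commands there that take precedence over a same-named command later in PATH. The names `is_hidden`, `audit_path`, the `DIR`/`EXE`/`SHADOW` labels and the demo directory layout are all constructed for illustration.

```sh
# Added example (not from the thread): inventory PATH entries that live under a
# home directory, mark the hidden ones, and list commands they override.

# is_hidden REL_PATH: succeeds if any path component starts with a dot (.local).
is_hidden() { case "/$1/" in */.[!./]*) return 0 ;; esac; return 1; }

# audit_path PATH_STRING HOME_DIR prints one finding per line:
#   DIR hidden|visible <dir>         PATH entry located under HOME_DIR
#   EXE <name> <dir>                 executable file that entry provides
#   SHADOW <name> <dir> <later_dir>  same name exists later in PATH and loses
audit_path() (
    home=${2%/}
    [ -n "$home" ] || { echo "audit_path: HOME_DIR required" >&2; return 2; }
    rest=$1:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        case "$dir/" in "$home"/*) ;; *) continue ;; esac
        rel=${dir#"$home"}
        if is_hidden "$rel"; then kind=hidden; else kind=visible; fi
        echo "DIR $kind $dir"
        for f in "$dir"/* "$dir"/.[!.]*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            echo "EXE $name $dir"
            later=$rest
            while [ -n "$later" ]; do
                cand=${later%%:*}; later=${later#*:}
                cand=${cand:-.}   # an empty PATH entry means the current directory
                if [ -f "$cand/$name" ] && [ -x "$cand/$name" ]; then
                    echo "SHADOW $name $dir $cand"
                fi
            done
        done
    done
    return 0
)

# Constructed demo: throwaway HOME with the two directories from the thread,
# placed first in PATH (an assumption) so that a SHADOW line is produced.
demo() (
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/.local/bin" "$root/home/bin" "$root/usr/bin"
    for f in "$root/home/.local/bin/ls" "$root/usr/bin/ls"; do
        printf '#!/bin/sh\n' > "$f" && chmod +x "$f"
    done
    audit_path "$root/home/.local/bin:$root/home/bin:$root/usr/bin" "$root/home"
    rm -rf "$root"
)
demo
```

Running `audit_path "$PATH" "$HOME"` on a real account gives a baseline that can be diffed over time; when the home directories come after the system directories in PATH, no `SHADOW` lines appear and only the `EXE` inventory changes.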