Am 30.10.2013 01:11, schrieb drago01: > On Tue, Oct 29, 2013 at 2:06 PM, Chris Adams <linux@xxxxxxxxxxx> wrote: >> Once upon a time, Reindl Harald <h.reindl@xxxxxxxxxxxxx> said: >>> a *hidden* *user writeable* directory *in front* of PATH is >>> plain stupid security wise and there is not but and not if >> >> Not really. Anything that can write to that directory can also write to >> shell init scripts, desktop environment autostart settings, etc., all of >> which are also dot-files/dot-directories. > > Yeah if someone can write to your home directory you are pretty much doomed yes, but don't you think there is a difference between place specific code somewhere or give the possibility to override standard commands? that's against the main reason why . is *not* in $PATH while on a windows console every random binary in the currecnt directory overrides commands [root@srv-rhsoft:~]$ mkdir test i could rm -rf ~/ here [root@srv-rhsoft:~]$ cat /usr/local/bin/mkdir #!/bin/bash echo "i could rm -rf ~/ here" __________________________________________________________________ and so that *must not* be easy possible in a *default setup*
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
