Once upon a time, Reindl Harald <h.reindl@xxxxxxxxxxxxx> said:
> [root@srv-rhsoft:~]$ mkdir test
> i could rm -rf ~/ here
>
> [root@srv-rhsoft:~]$ cat /usr/local/bin/mkdir
> #!/bin/bash
> echo "i could rm -rf ~/ here"

If I can write to files you own, it doesn't matter if there's a
directory in the PATH or not. I can write this to your .bash_profile:

    /bin/mkdir $HOME/.bin 2> /dev/null
    echo 'echo "i could rm -rf ~/ here"' > $HOME/.bin/mkdir
    chmod +x $HOME/.bin/mkdir
    PATH=$HOME/.bin:$PATH

Sure, it might not take effect immediately, but that's probably not the
point (I can't depend on you running "mkdir" in a shell at any
particular point in time anyway).

You wouldn't gain anything security-wise by excluding a user-writable
directory in PATH. In fact, having a "known" ~/.local/bin could allow
for a more restrictive SELinux policy on that directory that doesn't let
arbitrary programs running as the user write there (don't know if that
is the case though).

--
Chris Adams <linux@xxxxxxxxxxx>
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
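Added example, not part of the original message: a POSIX sh function for auditing the situation discussed above. It lists commands whose first PATH match hides a different file later in the PATH (such as a `mkdir` in `~/.bin` ahead of `/bin/mkdir`) and says whether the current user can write to the winning directory. `path_shadows` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the thread). path_shadows is a hypothetical helper.
# Usage: path_shadows [PATH-style list]      (defaults to $PATH)
# Output, one line per finding:
#   <command> <path that runs> <path it hides> <writable|not-writable>
# "writable" means the current user can write to the winning directory.
path_shadows() (
    list=${1:-$PATH}
    seen=""                       # directories already walked, ':'-separated
    IFS=:
    set -f                        # no globbing while splitting on ':'
    for dir in $list; do
        [ -n "$dir" ] || dir=.    # an empty PATH entry means the cwd
        [ -d "$dir" ] || continue
        set +f; set -- "$dir"/*; set -f     # glob only for this listing
        for file do
            [ -f "$file" ] && [ -x "$file" ] || continue
            name=${file##*/}
            # The first earlier directory holding this name wins the lookup.
            for prev in $seen; do
                win="$prev/$name"
                [ -f "$win" ] && [ -x "$win" ] || continue
                # Same file reached twice (symlinked dir, repeated entry).
                [ "$win" -ef "$file" ] && break
                flag=not-writable
                [ -w "$prev" ] && flag=writable
                printf '%s %s %s %s\n' "$name" "$win" "$file" "$flag"
                break
            done
        done
        seen="${seen:+$seen:}$dir"
    done
)
```

Called with no argument it walks the current `$PATH`; a line ending in `writable` marks a command that any process running as this user could replace.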