On 2013-10-30 10:23, Reindl Harald wrote:
> On 30.10.2013 02:03, Chris Adams wrote:
>> Once upon a time, Reindl Harald <h.reindl@xxxxxxxxxxxxx> said:
>>> [root@srv-rhsoft:~]$ mkdir test
>>> i could rm -rf ~/ here
>>> [root@srv-rhsoft:~]$ cat /usr/local/bin/mkdir
>>> #!/bin/bash
>>> echo "i could rm -rf ~/ here"
>>
>> If I can write to files you own, it doesn't matter if there's a
>> directory in the PATH or not. I can write this to your .bash_profile:
>>
>> /bin/mkdir $HOME/.bin 2> /dev/null
>> echo 'echo "i could rm -rf ~/ here"' > $HOME/.bin/mkdir
>> chmod +x $HOME/.bin/mkdir
>> PATH=$HOME/.bin:$PATH
>
> you can do this and that - but that's no valid argumentation
> doing bad things in default setups and *at least* do not
> place *hidden* directories there, there is a good reason why
> software like rkhunter alerts if you have hidden directories
> somewhere in /usr/bin/

Some kind of reference for the bad in having a well-known, hidden
directory in the path?

As for rkhunter, doesn't it warn for hidden directories in many places,
not just /usr/bin? The primary purpose seems to be to discover new,
hidden directories created by a rootkit or so. I can't see this applies
here.

--a
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
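
An audit for the two conditions debated in this thread (hidden directories in PATH, and a command in an earlier PATH entry shadowing the system one), added here as an example that is not part of any poster's message. The function names and the temporary demo layout are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the demo layout are constructed.

# Print "HIDDEN <dir>" for each PATH entry with a dot-prefixed component.
hidden_path_dirs() {
    old_ifs=$IFS; IFS=:; set -f
    for dir in $1; do
        case "/$dir/" in */.[!./]*) echo "HIDDEN $dir" ;; esac
    done
    set +f; IFS=$old_ifs
}

# Print "SHADOW <first> hides <later>" when an executable in an earlier PATH
# entry has the same name as a different executable in a later entry.
shadowed_commands() {
    rest=$1
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        case $rest in *:*) rest=${rest#*:} ;; *) rest= ;; esac
        [ -d "$dir" ] || continue
        for file in "$dir"/*; do
            [ -f "$file" ] && [ -x "$file" ] || continue
            old_ifs=$IFS; IFS=:; set -f
            for later in $rest; do
                other=$later/${file##*/}
                [ "$file" -ef "$other" ] && continue  # same file via symlinked dirs
                [ -f "$other" ] && [ -x "$other" ] && echo "SHADOW $file hides $other"
            done
            set +f; IFS=$old_ifs
        done
    done
}

# Constructed layout mirroring the thread: a wrapper named mkdir in a hidden
# per-user directory placed ahead of the system directory. Prints the PATH.
build_demo_path() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/.bin" "$root/usr/bin"
    printf '#!/bin/sh\necho "wrapper ran instead of mkdir"\n' > "$root/home/.bin/mkdir"
    printf '#!/bin/sh\necho "system mkdir"\n' > "$root/usr/bin/mkdir"
    chmod +x "$root/home/.bin/mkdir" "$root/usr/bin/mkdir"
    echo "$root/home/.bin:$root/usr/bin"
}

demo_path=$(build_demo_path)
hidden_path_dirs "$demo_path"
shadowed_commands "$demo_path"
rm -rf "${demo_path%%/home/.bin:*}"   # remove the constructed demo tree
```

Calling both functions with `"$PATH"` instead of the demo value audits the current session.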