Am 30.10.2013 10:53, schrieb Alec Leamas: > On 2013-10-30 10:23, Reindl Harald wrote: >> Am 30.10.2013 02:03, schrieb Chris Adams: >>> Once upon a time, Reindl Harald <h.reindl@xxxxxxxxxxxxx> said: >>>> [root@srv-rhsoft:~]$ mkdir test >>>> i could rm -rf ~/ here >>>> >>>> [root@srv-rhsoft:~]$ cat /usr/local/bin/mkdir >>>> #!/bin/bash >>>> echo "i could rm -rf ~/ here" >>> If I can write to files you own, it doesn't matter if there's a >>> directory in the PATH or not. I can write this to your .bash_profile: >>> >>> /bin/mkdir $HOME/.bin 2> /dev/null >>> echo 'echo "i could rm -rf ~/ here"' > $HOME/.bin/mkdir >>> chmod +x $HOME/.bin/mkdir >>> PATH=$HOME/.bin:$PATH >> you can do this and that - but that's no valid argumentation >> doing bad things in default setups and *at least* do not >> place *hidden* diretories there, ther is a good reason why >> software like rkhunter alerts if you have hidden directories >> somewhere in /usr/bin/ >> > Some kind of reference for the bad in having a well-known, hidden directory in the path? the *writeable for the user* is the problem however, since i am one of them with explicit configurations and setting explicit $PATH in .bashrc and .bash_profile which are readonly do what you want with defaults, i would appreciate sane defaults but i can live with doing this job at my own
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
