On Fri, Nov 1, 2013 at 10:48 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
> Am 01.11.2013 10:38, schrieb drago01:
>> On Fri, Nov 1, 2013 at 10:26 AM, Andrew Haley <aph@xxxxxxxxxx> wrote:
>>> On 10/30/2013 10:27 AM, Alec Leamas wrote:
>>>> On 2013-10-30 11:23, Reindl Harald wrote:
>>>>> Am 30.10.2013 11:20, schrieb Alec Leamas:
>>>>>> On 2013-10-30 10:58, Reindl Harald wrote:
>>>>>>> Am 30.10.2013 10:53, schrieb Alec Leamas:
>>>>>>>> Some kind of reference for the bad in having a well-known, hidden directory in the path?
>>>>>>> the *writeable for the user* is the problem
>>>>>> Any reference for this problem?
>>>>> what about consider the implications?
>>>>> do you really need a written reference for any security relevant fact?
>>>>> i can write one for you if you prefer links :-)
>>>>>
>>>> Well, the question is really if someone else out there shares your
>>>> concerns about this.
>>>
>>> Why does it matter? A hidden directory in everyone's path is obviously
>>> useful to an attacker, and (IMO) more useful to an attacker than to a user.
>>
>> The attacker needs to be able to write to your home directory to take
>> advantage of it.
>> And if he can do that (you lost) he has numerous other ways of doing it
>
> so the people decided not put the current directory in the
> PATH on Unix *for security reasons* decades ago must be
> fools and if you would have been born as this happened you
> would have told them "forget it, in that case you are lost"

No, because they have done it for completely different reasons.
None of them was to protect from the attacker that can write to your
home directory.

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
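
For readers who want to see where their own PATH stands on the two points argued in this thread (a user-writable directory in the search path, and the current directory in the search path), here is an added example that is not part of the original message or of any Fedora tooling. The function names `audit_path` and `first_provider` and the output labels are made up for this sketch, which also goes slightly beyond the thread by reporting which commands in a writable directory take precedence over a same-named command later in the path.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit a PATH string for entries
# that the invoking user can modify, and for current-directory lookups.

# Print the first directory in colon-separated list $2 holding executable $1.
first_provider() (
    name=$1 list="$2:"
    while [ -n "$list" ]; do
        d=${list%%:*}; list=${list#*:}
        if [ -n "$d" ] && [ -f "$d/$name" ] && [ -x "$d/$name" ]; then
            printf '%s\n' "$d"; exit 0
        fi
    done
    exit 1
)

# Walk PATH string $1 in lookup order and print one finding per line.
audit_path() (
    rest="$1:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        case $dir in
            ''|.) echo "CWD entry (empty or '.')"; continue ;;
            /*)   ;;                                  # absolute: check below
            *)    echo "RELATIVE $dir"; continue ;;
        esac
        [ -d "$dir" ] && [ -w "$dir" ] || continue
        echo "WRITABLE $dir"
        # A writable directory matters most when it precedes a directory
        # that provides a command with the same name.
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            if later=$(first_provider "${f##*/}" "${rest%:}"); then
                echo "SHADOWS $f hides $later/${f##*/}"
            fi
        done
    done
)

# Run as: sh audit.sh "$PATH"
[ $# -eq 0 ] || audit_path "$1"
```

When run as root every existing directory is reported as WRITABLE, so the output is only meaningful for the unprivileged account whose PATH is being reviewed.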