Re: Prioritizing ~/.local/bin over /usr/bin on the PATH

On Wed, 2 May 2018, Kamil Dudka wrote:

On Wednesday, May 2, 2018 3:46:34 PM CEST Stephen Gallagher wrote:
On Wed, May 2, 2018 at 6:44 AM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote:
On 2.5.2018 15:30, Stephen Gallagher wrote:
    Does anyone see a reason not to prioritize ~/.local/bin over

<snip>



You have two choices:

1. Either you allow users to easily install software to their home directory.
  If their user account is compromised, an attacker can install some software
  they do not want to install, but it still affects their user account only.

2. You do not allow users to easily install software to their home directory.
  In that case, they will install questionable software using sudo, which
  gives it root privileges and affects all other users on the system (and
  possibly other systems reachable through a trusted network).

Which of those choices is more secure?

If they've got sudo privs to install software in the system area as root, then any malicious program is going to emulate su/sudo, in which case you're rooted in both scenarios.


Is there any reason the OP can't use alias to override the system command with the local one? That's what we used to do back in the '90s.



Kamil

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx

--
 Iain Rae - Computing Officer           | iainr @ inf. ed. ac. uk
 School of Informatics, Univ of Edinburgh | Tel: +44 131 6505202
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
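
An added example, not part of the original message or of any Fedora code: a POSIX sh check that lists executables in user-writable PATH directories which shadow a same-named command later on the PATH, such as a ~/.local/bin/sudo ahead of /usr/bin/sudo, the case raised in this thread. The function names and the temporary directory tree are constructed for illustration.

```sh
#!/bin/sh
# Print one line per shadowing command: <name> TAB <winner> TAB <shadowed>.
# Only directories the current user can write to are checked as "winners",
# because those are the ones an unprivileged process could plant files in.
shadowed_commands() {
    search_path=$1
    old_ifs=$IFS
    IFS=:
    set -f                       # no globbing while splitting on ':'
    set -- $search_path          # positional parameters = PATH entries, in order
    set +f
    IFS=$old_ifs
    while [ "$#" -gt 1 ]; do
        dir=$1
        shift                    # "$@" now holds only the later entries
        [ -d "$dir" ] && [ -w "$dir" ] || continue
        for candidate in "$dir"/*; do
            [ -f "$candidate" ] && [ -x "$candidate" ] || continue
            name=${candidate##*/}
            for later in "$@"; do
                if [ -f "$later/$name" ] && [ -x "$later/$name" ]; then
                    printf '%s\t%s\t%s\n' "$name" "$candidate" "$later/$name"
                    break
                fi
            done
        done
    done
    return 0
}

# Constructed sample tree (not real system paths): a fake home and a fake /usr/bin.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/.local/bin" "$root/usr/bin"
    for f in home/.local/bin/sudo home/.local/bin/mytool usr/bin/sudo usr/bin/ls; do
        printf '#!/bin/sh\n' > "$root/$f"
        chmod +x "$root/$f"
    done
    printf '%s\n' "$root"
}

# Demo: with ~/.local/bin first, only "sudo" is reported as shadowing.
demo=$(make_demo_tree)
shadowed_commands "$demo/home/.local/bin:$demo/usr/bin"
rm -rf "$demo"
```

To audit a live session, call `shadowed_commands "$PATH"`; a shell alias or function would not appear in this output because it is not resolved through the PATH.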