Tomasz Kłoczko wrote: > On Fri, 15 Jun 2018 at 23:21, Björn Persson <Bjorn@rombobjörn.se> wrote: > [..] > > Don't forget that if your proof of concept can be modified to either > > overwrite or append to ~/.bashrc, then it's irrelevant to this debate. > > before ~/.bashrc is executed many other scripts executions > already is finished This is true and completely irrelevant. > Whatever you want to do over you account session or profile scripts it > is already _to late_. > Is that clear now? No it's not clear. I have no idea why you're rambling about the order in which Bash executes its startup files. The order doesn't matter, especially since the hypothetical attacker is supposedly unable to modify those files. You claimed to have a proof of concept that would demonstrate how some security hole can be exploited if and only if ~/.local/bin is listed before /usr/bin in PATH. I asked you to post your proof of concept. You didn't. I will therefore conclude that you don't actually have one. Björn Persson
Attachment:
pgpwHuEeBNkAO.pgp
Description: OpenPGP digital signatur
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/W7FD5RX2WWHIKRGM2LS5Q6N7X24DBTAQ/
