Tomasz Kłoczko wrote: > Just FTR. > If Fedora maintainers will decide to put ~/.local/bin over /usr/bin on > the $PATH it will be possible to control over ~/.local/bin/id (and/or > many more similar commands) what happens on begin of the user login > session. None of the packages updates (except that one which will > remove ~/.local/bin/ from the $PATH) would be able to stop damage ones > done. > > Would you consider now classify such change as serious vulnerability > introduction? If you state a falsehood again and again it will eventually become true? Björn Persson
Attachment:
pgp7ADtVmx8qa.pgp
Description: OpenPGP digital signatur
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/T5KBVFSRR46O6W5SEI3GU4GGOOINBDQR/
