On Wed, Oct 30, 2013 at 10:11:39 -0400, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:
> There is some concern on the devel mailing list about user-writable directories in the default $PATH -- initially discussion about ~/.local/bin as a hidden file, but now also out to ~/bin as well. I notice that these are home_bin_t. What does this do with the current policy, and what more could we do? (Particularly, a compromised application shouldn't be able to put binaries there, but a shell script or something like `pip install` probably _should_ be able to.)
As was also pointed out in that thread, if you are going to worry about those directories, you should also worry about dot files used when starting up shells (.login, .cshrc, .profile and the like).
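
An audit of the two kinds of location raised in this thread, as an added example that is not part of the original messages: it lists the user-writable directories in $PATH and the shell startup files in the home directory, with their SELinux context where `ls -Z` is supported. The function names and the startup file names beyond .login, .cshrc and .profile are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: list the user-writable locations the
# thread is concerned about, so their labels and modes can be reviewed.

# Print every directory in the PATH-style string $1 that exists and is
# writable by the current user. An empty entry means the current directory.
# The body is a subshell, so the IFS and globbing changes do not leak out.
writable_path_dirs() (
    entries=$1:                   # trailing ":" keeps a final empty entry
    IFS=:
    set -f
    for dir in $entries; do
        [ -n "$dir" ] || dir=.
        if [ -d "$dir" ] && [ -w "$dir" ]; then
            printf '%s\n' "$dir"
        fi
    done
)

# Print the shell startup files that exist under directory $1. The first
# three names are the ones given in the reply; the rest are assumed additions.
startup_files() {
    for name in .login .cshrc .profile .bashrc .bash_profile .bash_login .zshrc; do
        if [ -f "$1/$name" ]; then
            printf '%s\n' "$1/$name"
        fi
    done
}

# Show owner, mode and (where ls supports -Z) the SELinux context of a path.
show_label() {
    ls -ldZ -- "$1" 2>/dev/null || ls -ld -- "$1" 2>/dev/null || printf '%s\n' "$1"
}

# Report for the invoking user.
{ writable_path_dirs "${PATH:-}"; startup_files "${HOME:-}"; } |
while IFS= read -r p; do
    show_label "$p"
done
```

When run as root, every existing directory is reported as writable, so run it as the account being reviewed.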