On Wed, Oct 30, 2013 at 09:50:58AM -0500, Bruno Wolff III wrote: > >There is some concern on the devel mailing list about user-writable > >directories in the default $PATH -- initially discussion about ~/.local/bin > >as a hidden file, but now also out to ~/bin as well. I notice that these are > >home_bin_t. What does this do with the current policy, and what more could > >we do? (Particularly, a compromised application shouldn't be able to put > >binaries there, but a shell script or something like `pip install` probably > >_should_ be able to.) > As was also pointed out in that thread, if you are going to worry > about those directories, you should also worry about dot files used > when starting up shells (.login, .cshrc, .profile and the like). Right, I was the one who pointed that out in that thread. And, sure, let's worry about them too. What can SELinux do for us? -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
