Hi! * Philip Muskovac <[email protected]> [2010-12-08 19:40:38 CET]: > This was orignally reported on > https://bugs.launchpad.net/ubuntu/+source/bash/+bug/684393 > > >>From the thread here: http://ubuntuforums.org/showthread.php?t=1634980 > > If you have a bin folder in yer home directory, it adds it to the path. > > It currently adds ~/bin to the start of $PATH, which has been brought up > as a bit of a security issue. It should add that path to the end of the > $PATH variable, not the beginning.
Actually I fail to see the security impact of this. If a user creates the bin directory themself and put stuff in there themself then it's on their own intention, not? I really fail to see the security part of the issue. Actually it makes sense to have ~/bin first in PATH to be able to override system tools intentionally. I highly doubt that this will be changed on dubious reasoning and actually wonder why it was forwarded to Debian. To be honest, if a malicious person is able to put an ls program into ~/bin of a user they are also able to change their ~/.profile and put ~/bin first in PATH again, so it gets no additional security, at all. (I'm not closing the bugreport, it's not my package, but I guess it will be closed on that grounds) Thanks, Rhonda -- <dholbach> Last day of https://wiki.ubuntu.com/UbuntuDeveloperWeek starting in 34 minutes in #ubuntu-classroom on irc.feenode.net * ScottK hands dholbach an "r". <Rhonda> Are they fundraising again? -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
