Gerfried Fuchs wrote:
> Downloaded scripts don't get executable permission by default, so this
> reasoning is flawed. They would have to get their permission changed to
> executable intentionally.
Or they'd have to have been downloaded in a zipfile/tarball, or have
passed through a vfat/iso9660 filesystem, or... but I'll spare you
the rest of this argument, because I doubt it's going to push the
bug severity above wishlist.
(By the way, any blackhat who expects me to type "sl" is out of
luck; the executable packaged as "sl" sits forlornly unused in
/usr/bin.)
>> Long ago I wrote myself a Perlscript called
>> ~/bin/deluser... so when a dist-upgrade introduced a system
>> executable of the same name and postrms started calling the wrong
>> one, I was thoroughly de-lusered.
>
> There is /usr/sbin/deluser indeed, but postrm scripts don't have your
> ~/bin in their PATH and never will. *That* would be a real security
> issue if they would.
I'm not sure what the exact cause was in the days of my painful
Potato→Woody upgrade, but maybe it was a side-effect of the way sudo
used to preserve things like $HOME (and /root/.profile sources
~/.bashrc rather than /root/.bashrc). Fixed now, anyway.
--
JBR For trifling occasions it is better to accomplish things
simply by yelling - _Hagakure_ (1716), Yamamoto Tsunetomo
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
